Forensics and eDiscovery

When faced with a wide-scale compromise or complex litigation, most organizations realize that they lack the skills needed to perform forensic analysis and to identify the data and metadata relevant to the case at hand. Leveraging our SOC2Cloud technology and processes, C3SA's CyberFIRE™ team provides a complete, integrated forensic solution tailored to your environment, so that our experts can remotely take on any forensic problem at a moment's notice, regardless of its complexity. Our solution has been designed and accredited to follow industry best practices, so that every process used, every piece of evidence acquired and every finding reported can withstand legal challenge in your jurisdiction.
Our Guarantee
With every forensic investigation that C3SA undertakes, we guarantee, through a repeatable and auditable process, strict adherence to recognized industry standards and best practices so that every activity can be defended in a court of law. We will:
- Acquire all digital evidence using a forensically sound process through software and hardware that has been validated and accredited
- Ensure that all connections and forensic data acquisitions are conducted using recognized, auditable software and trusted cryptographic algorithms and protocols (for example, hashing each acquired image at the time of acquisition so that its integrity can be re-verified at any later point in the chain of custody)
- Provide a detailed and comprehensive report of all forensic findings that explains, step by step, how every forensically relevant item of data and metadata was extracted, analyzed and interpreted, along with the justification for every inference and conclusion drawn
- Provide expert-witness testimony in a court of law
Malware Forensics
Using state-of-the-art processes and our unique technology, we can quickly identify the world's most sophisticated malware, including that used by the most advanced APTs. We can:
- Continuously maintain a baseline of any device, including its operating system, applications and running memory, in order to detect quickly and efficiently any unauthorized modification or any malware installed by a threat actor
- Quickly determine the intrusion vector and, where applicable, the exploits used to gain a foothold on the host
- Conduct near-instant memory imaging and analysis to identify shellcode and sophisticated malware that never touches disk
- Reverse-engineer any identified malware and shellcode to determine its exact functionality, along with Indicators of Compromise (IoCs) that your incident response team can use to find other infected hosts in your infrastructure
- Decrypt, when possible, beaconing to the malware's command-and-control infrastructure to determine exactly which commands the threat actor issued
- Identify lateral movement by threat actors from the compromised host to other assets in your organization, activity that often escapes the view of SIEMs and network perimeter defenses
- Identify, when possible, stolen (exfiltrated) data and information
- Attribute, when possible, the compromise to a known threat actor
- Perform a root cause analysis to identify the specific factor(s) that led to the compromise
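
The first item above, baselining a host and then detecting unauthorized modifications, is the part of this list that is easiest to illustrate concretely. The following is an added example written for this page, not C3SA's or CyberFIRE's tooling; the SHA-256 choice, the (size, mode, digest) record format and the constructed directory tree are assumptions. It hashes every regular file under a root, records size and permission bits alongside the digest so that a permission change is caught even when the bytes are unchanged, and then diffs a later snapshot against the baseline to report added, removed and modified files.

```python
"""Baseline-and-diff integrity check for a directory tree.

Added illustration of "baseline the host, then detect unauthorized
modifications". This is example code written for this page, not
C3SA's or CyberFIRE's software; the hash algorithm, record layout and
the constructed sample tree are the author's assumptions.
"""
import hashlib
import os
import tempfile
from pathlib import Path

HASH_ALG = "sha256"  # assumption: any collision-resistant hash would serve
CHUNK = 1 << 20      # hash 1 MiB at a time so large binaries are not read into RAM


def file_digest(path: Path) -> str:
    """Hex digest of a file's contents, streamed in chunks."""
    h = hashlib.new(HASH_ALG)
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map relative path -> (size, permission bits, digest) for every regular file.

    Size and mode are stored next to the digest so that e.g. a binary made
    setuid is flagged even though its bytes did not change. mtime is left out
    on purpose: it is trivially forged and would only add noise.
    """
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # a production tool would record the link target; skipped here
            st = p.lstat()
            rel = str(p.relative_to(root)).replace(os.sep, "/")
            baseline[rel] = (st.st_size, st.st_mode & 0o7777, file_digest(p))
    return baseline


def diff_baseline(old: dict, new: dict) -> dict:
    """Classify differences between two baselines as added / removed / modified."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in set(old) & set(new) if old[k] != new[k]),
    }


def demo() -> dict:
    """Build a constructed tree, baseline it, simulate an intrusion, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "sshd").write_bytes(b"\x7fELF original sshd bytes")
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_text("welcome\n")
        before = build_baseline(root)

        # Simulated intrusion: trojaned binary, dropped implant, deleted file.
        (root / "bin" / "sshd").write_bytes(b"\x7fELF original sshd bytes" + b"\x90" * 16)
        (root / "tmp").mkdir()
        (root / "tmp" / ".x").write_bytes(b"#!/bin/sh\n# constructed implant placeholder\n")
        (root / "etc" / "motd").unlink()
        after = build_baseline(root)
        return diff_baseline(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline itself must be stored off the host and signed or hashed, otherwise an attacker who can modify `/bin/sshd` can equally well rewrite the baseline to match; the memory side of the list (running processes, loaded modules) needs a separate acquisition path and is not covered by this file-level check.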

eDiscovery
Using our expertise in conducting forensics at the enterprise level, we assist any organization with its eDiscovery needs by quickly identifying sensitive and relevant files in response to prospective or ongoing litigation or to an authorized information-disclosure investigation. This is accomplished by:
- Continuously indexing any set or subset of files that match keywords or expressions you supply
- Monitoring, logging, auditing and instantly alerting you when specified files are accessed
- Making a forensically sound, secure copy of any file on demand while blocking further access to the original so that it cannot be modified
- Transferring, in a secure and auditable fashion, any set or subset of files to an investigative or legal body of your choosing
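
Both the acquisition guarantee earlier on this page (validated, hash-verified acquisition) and the on-demand forensic copy in the list above come down to the same mechanics: stream the source through a hash while copying it, re-read and re-hash the copy rather than trusting the bytes handed to write(), refuse the copy if the digests disagree, lock the result read-only, and record who acquired what and when so the digest can be re-checked at every later custody step. The block below is an added example written for this page, not C3SA's or CyberFIRE's software; the manifest fields, the SHA-256 choice and the constructed sample file are assumptions.

```python
"""Forensically sound file copy with hash verification and a custody manifest.

Added example for the hash-at-acquisition and forensic-copy steps described
on this page. It is illustration code written for this page, not C3SA's or
CyberFIRE's software; the manifest fields and SHA-256 are assumptions.
"""
import hashlib
import json
import os
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1 << 20  # stream in 1 MiB blocks so multi-GB images do not load into RAM


def acquire(src: Path, dst: Path, examiner: str, case_id: str) -> dict:
    """Copy src to dst, hashing both, and return a chain-of-custody manifest entry.

    The copy is re-read from disk and independently hashed; if the two digests
    disagree the copy is discarded. On success dst is made read-only.
    """
    h_src, h_dst = hashlib.sha256(), hashlib.sha256()
    with src.open("rb") as fin, dst.open("wb") as fout:
        for block in iter(lambda: fin.read(CHUNK), b""):
            h_src.update(block)
            fout.write(block)
        fout.flush()
        os.fsync(fout.fileno())  # make sure the bytes reached stable storage
    with dst.open("rb") as fin:  # verify what is actually on disk, not what we wrote
        for block in iter(lambda: fin.read(CHUNK), b""):
            h_dst.update(block)
    if h_src.hexdigest() != h_dst.hexdigest():
        dst.unlink()
        raise RuntimeError("copy verification failed; evidence copy discarded")
    os.chmod(dst, stat.S_IRUSR)  # owner read-only, no access for anyone else
    return {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "source": str(src),
        "copy": str(dst),
        "size": src.stat().st_size,
        "sha256": h_src.hexdigest(),
    }


def verify(entry: dict) -> bool:
    """Later custody check: recompute the copy's digest and size against the manifest."""
    copy = Path(entry["copy"])
    h = hashlib.sha256()
    with copy.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest() == entry["sha256"] and copy.stat().st_size == entry["size"]


def demo() -> dict:
    """Constructed run: acquire a sample file, verify, tamper with the copy, re-verify."""
    payload = b"constructed evidence bytes " * 1000
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "mailbox.pst"  # constructed sample, not a real mailbox
        src.write_bytes(payload)
        evidence = Path(tmp) / "evidence"
        evidence.mkdir()
        entry = acquire(src, evidence / "mailbox.pst", "J. Doe", "CASE-0001")
        (evidence / "manifest.json").write_text(json.dumps([entry], indent=2))
        ok_before = verify(entry)
        # Tampering: re-enable writes and append a byte, as someone with file access might.
        os.chmod(entry["copy"], stat.S_IRUSR | stat.S_IWUSR)
        with open(entry["copy"], "ab") as f:
            f.write(b"!")
        ok_after = verify(entry)
        return {
            "verified_at_acquisition": ok_before,
            "verified_after_tamper": ok_after,
            "hash_matches_source": entry["sha256"] == hashlib.sha256(payload).hexdigest(),
        }


if __name__ == "__main__":
    print(demo())
```

A read-only permission bit only stops accidental edits; it does not stop the file's owner or root, which is why the manifest (ideally signed and stored separately, with the verification re-run at every handover) is what actually makes the copy defensible, not the chmod.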
