CyberMaxx is ready to augment your internal DFIR team or act as the sole DFIR provider.
The science of electronic evidence gathering, preservation, and presentation, known as digital forensics, helps the legal system by providing data that can be used in court. This data must be collected, stored, analyzed, and presented in an appropriate manner for it to be admissible as evidence.
This requires a combination of technical expertise, analytical skills, and a thorough understanding of legal and regulatory requirements – all of which the CyberMaxx team possesses.
Experienced DFIR Professionals
CyberMaxx provides digital forensics and incident response (DFIR) services using well-established processes to maintain the integrity of all components should they ever need to be presented as evidence in court.
Our forensic analysts have experience responding to internal investigations, HR issues, and criminal investigations.
Containment: Investigate the incident and take necessary actions to address the immediate threat.
Forensics: Review forensic data including disk images, mobile phones, network logs (e.g., firewall, NetFlow, IPS), and email and web proxy logs. Attempt to discover motive, attribution, extent of breach, and whether data exfiltration took place.
Reporting: CyberMaxx produces reports that provide a timeline of the incident, identify gaps that led to the incident, and give recommendations to close the gaps and address any forensic blind spots in the future.
CyberMaxx DFIR Capabilities
CyberMaxx has capabilities for:
- All major operating systems (Windows, Mac, Linux, UNIX)
- Mobile devices
- Virtual machines
- Active Directory
- Cloud environments
CyberMaxx provides tools for memory, disk, and mobile image acquisition.
Forensics can be requested ad hoc to augment a company’s internal capabilities and handle sensitive HR or legal cases that require a third party. CyberMaxx also offers full incident response including management, discovery, containment, and response. Tools such as osquery, Sysmon, PowerShell, SSH, Ansible, and network taps are used when the targeted environment doesn’t natively have EDR tools in place.
Chain of custody is observed unless otherwise requested. Clients with DFIR retainers can work together with CyberMaxx to develop playbooks to customize incident response needs.
CyberMaxx has physical SOC (security operations center) locations in NYC and Ireland where drives can be picked up locally, shipped, or disk images transferred to a secure location over the Internet. Staff is also available in Toronto, Canada; Bangkok, Thailand; and the Midwest USA. Analysts are available 24×7 by phone, and SLAs are available to guarantee response times.
Digital Forensic Service Examples
- Retrace a user’s browsing history to determine what actions a user or attacker has performed.
- Analyze the registry (on Windows), event logs on the system, and other indicators to determine any lateral movement that may have been attempted.
- Determine whether malware is running in memory and identify shell commands that an attacker may have executed.
- Combine multiple machine disks and memory images to form a comprehensive timeline and analysis.
- Conduct sensitive HR investigations (disgruntled employee, legal disputes, acceptable use policy violations).
Benefits of Digital Forensic Services from CyberMaxx
Organizations around the world rely on the power of digital forensics to understand the impact of cyber incidents, support investigations, and protect against future attacks.
- Investigative Support: Law enforcement is able to utilize the power of technology to identify perpetrators of cybercrime and bring them to justice. Essential evidence can be uncovered in order to build cases.
- Evidence Preservation: Evidence is essential for legal proceedings and the prosecution of individuals, making it important that it is maintained. This is where digital forensics comes in, helping to preserve critical data which may be necessary to secure justice.
- Fraud Detection: Financial crimes such as fraud and embezzlement can be effectively tracked down by utilizing the science of computer forensics.
- Incident Response: Incident response allows organizations to respond rapidly and competently when security issues arise, such as data leakage, so as to reduce harm and regain essential information.
- Litigation Support: When it comes to litigation, organizations find invaluable assistance in the evidence collected through digital forensics.
- Compliance: Organizations must adhere to regulations and standards that mandate the safeguarding and archiving of electronic records.