Services: Forensic Analysis
Goal
Forensic analysis of previously collected data in order to determine the progression of a security incident and its target.
Initial Situation
To analyze the progression of the attack and its target, a forensic analysis is performed based on the provided or collected data (see Evidence Collection).
Approach
- Data collection: The data that are to be analyzed are either collected or retrieved from a previous data collection.
- Analysis: The data are analyzed in order to determine the progression of the attack as well as its target.
- Documentation: The analyzed data and the analysis results are documented in detail.
Result
We provide the customer with a document that details the collected data as well as their background. This includes a detailed analysis of the progression of the attack as well as its target. Further information, such as a psychological profile of the attacker and other potential targets, is included as well.
Pros and Cons
A professional forensic analysis is based on a secure and responsible data collection (see Log Management). Compromised underlying data directly influence the scope of the forensic analysis.
Reference Example
Forensic Analysis Blackmail: An international telecommunication company was blackmailed by a former IT employee for several million Swiss francs. Because the perpetrator’s demands were not met, he deliberately destroyed production data (customer and billing information) through backdoors and rendered certain services (telephone and internet) inaccessible through distributed denial of service attacks. We collected data together with the authorities and used forensic analyses to gather evidence against the suspect. Our work was the basis for the initial charges for various crimes, the international prosecution (Germany, Italy, USA) and the subsequent legal proceedings.



