Services: Intrusion Detection
Goal
Technical analysis of collected data to determine whether an attack succeeded and which methodology it was based on.
Initial Situation
To identify and understand a security attack (method, approach), an analysis is performed based on the provided or collected data (see Evidence Collection).
Approach
- Data collection: The data that are to be analyzed are either collected or retrieved from a previous data collection.
- Analysis: These data are analyzed in order to determine the success of an attack and its underlying methodology.
- Documentation: The analyzed data and the analysis results are documented in detail.
Result
We provide the customer with a document that details the collected data as well as their background. The technical aspects of the intrusion are discussed in as much detail as possible. Further information such as a psychological profile of the attacker and other potential targets can be provided as well.
Pros and Cons
Professional electronic intrusion detection is based on a comprehensive set of data (see Log Management). Compromised or missing underlying data directly influence the scope of the intrusion detection.
Reference Example
Intrusion Detection Credit Card Theft: A leading enterprise witnessed the defacement of its online shop. We were tasked with determining through an electronic investigation how the attack was carried out and which items were accessed. Our investigation established that, in addition to the defacement, all credit card information in the database had been stolen. This work provided the basis for a criminal investigation against unknown suspects (although the geographical origin of the crime could be narrowed down, this information was intentionally omitted from the charges).



