Forensic Analysis
A forensic analysis aims on securing digital tracks and marks on a computer that was used by someone for committing a crime or was itself a victim of such a deed.
This approach requires a laboratory that carries out testing strictly confidentially and impartially. We can ensure you the confidential treatment of all information and data. If request the lawyer? office, that cooperates closely with us, will give you legal advise with reference to possible legal measures and prospects in case of facts constituting an offence.
Forensic analysis of a server
In particular servers are frequently attacked by hackers. Above all, if they are connected to the Internet. After a server was manipulated we can use different analysis methods to track and to finally catch the intruder. Our team is in the position to detect objects of files systems, that have been deleted or manipulated, on nearly all servers (Unix and Windows) and PC work stations. and restore deleted or manipulated file system objects. Manipulations at the operating system and the system core can be determined and likewise analyzed.
Analysis/achievement examples:
There can be different reasons to analyse a work station. For example there is a strong suspicion that one of your employees is involved in storing illegal contents on his PC or Notebook stored or there are manipulated data on a certain work station. This analysis allows you to test whether there is a Trojaner or a worm on this work station or whether there are back doors (a way of getting into a password-protected system without using the password) or viruses?An analysis helps to clear it up.
An analysis of the file system unearth the truth:
The recording of AAA data and parameters of communication ? the so called "forensic accounting" allows you to track illegal tries to access the system, for example if there is an trojaner or worm on the system. Thereby in the enterprise the manipulated job or server is recognized.
Log file evaluation
By analyzing the log files and event trapping you can determine whether exceptional messages exist, respectively events have taken place on the machine that could have been caused by an intruder.
Honeypots
If you suspect that someone unauthorized tried to access your company?s data and the forensic analysis has so far not supplied any proofs, we could offer to set up a so called Honeypot. The intention of setting up a honeypot is create some sort of trap to lure a potential intruder by preparing a computer with calculated security holes. This computer is then supervised. If an intruder from inside the company tries to manipulate the data or the computer, this manipulation can be detected and tracked by using special network Tools (HIDS and NIDS).
This approach requires a laboratory that carries out testing strictly confidentially and impartially. We can ensure you the confidential treatment of all information and data. If request the lawyer? office, that cooperates closely with us, will give you legal advise with reference to possible legal measures and prospects in case of facts constituting an offence.
Forensic analysis of a server
In particular servers are frequently attacked by hackers. Above all, if they are connected to the Internet. After a server was manipulated we can use different analysis methods to track and to finally catch the intruder. Our team is in the position to detect objects of files systems, that have been deleted or manipulated, on nearly all servers (Unix and Windows) and PC work stations. and restore deleted or manipulated file system objects. Manipulations at the operating system and the system core can be determined and likewise analyzed.
Analysis/achievement examples:
-
to detect root kits
to detect and track manipulations of the operating system files
to analyze history and log files
to detect malware (software with malicious intent), such as viruses, Trojans
to detect possibly used security holes that allowed the intruder to get into the system
tracking of the intruder?s IP up to catching the responsible network administrator (also abroad possible)
to deliver an expert opinion (that could be used in court) in cooperation with our lawyer office
There can be different reasons to analyse a work station. For example there is a strong suspicion that one of your employees is involved in storing illegal contents on his PC or Notebook stored or there are manipulated data on a certain work station. This analysis allows you to test whether there is a Trojaner or a worm on this work station or whether there are back doors (a way of getting into a password-protected system without using the password) or viruses?An analysis helps to clear it up.
An analysis of the file system unearth the truth:
-
illegal contents of (pictures, music, films)
software pirat copies without valid license
Trojans
Backdoors
Worms, viruses and other Malware
Further services in the field of forensic analysis:
Forensic AccountingThe recording of AAA data and parameters of communication ? the so called "forensic accounting" allows you to track illegal tries to access the system, for example if there is an trojaner or worm on the system. Thereby in the enterprise the manipulated job or server is recognized.
Log file evaluation
By analyzing the log files and event trapping you can determine whether exceptional messages exist, respectively events have taken place on the machine that could have been caused by an intruder.
Honeypots
If you suspect that someone unauthorized tried to access your company?s data and the forensic analysis has so far not supplied any proofs, we could offer to set up a so called Honeypot. The intention of setting up a honeypot is create some sort of trap to lure a potential intruder by preparing a computer with calculated security holes. This computer is then supervised. If an intruder from inside the company tries to manipulate the data or the computer, this manipulation can be detected and tracked by using special network Tools (HIDS and NIDS).
DN-Systems at LinuxTag 2007
