Digital Forensics and Incident Response (DFIR)

Infopercept's Digital Forensics and Incident Response: Swift Analysis and Incident Response During an Active Attack


Compromise and data breaches may look like a distant reality for your organization, but they are not. After compromising your network, attackers can remain in stealth mode inside it so as to cause maximum damage when the time comes.


Infopercept's expert Digital Forensics and Incident Response (DFIR) team acts swiftly to provide analysis and incident response to organizations in two scenarios: one where the organization knows it has been attacked, and a second where the organization is not sure whether it has been attacked or not.

Primary reasons why your organization needs Infopercept's DFIR Services

  • To determine whether a cyber attack has occurred or not
  • To identify the full scope of the cyber attack and respond to it
  • To identify the root cause of the cyber attack
  • To collect evidence of the cyber attack and trace activities performed after the attack, such as data exfiltration

Infopercept's DFIR Services Has Two Main Approaches:

Proactive Approach:

Our expert team analyzes the behavior of entire endpoints and network traffic to identify malicious activities and known connections with bad actors, and so determine whether your IT infrastructure is compromised or not.
Our proactive approach has three major stages:

Sweep

  • Host-based compromise assessment utilizing malware identification software
    • Option 1: Selected critical endpoints
    • Option 2: All endpoints across the enterprise
  • Log analysis on selected endpoint applications and endpoints utilizing data analytics techniques
  • Network deception with decoys across the landscape

Analyse and Respond

  • Analysis of endpoints and network traffic utilizing forensics and third-party analysis tools
  • Malicious activities profiling based on selected log files (for example proxy logs)
  • Malicious communication identification
  • Command and control analysis
  • Sandboxing of detected executables for malware analysis
  • File processing (e.g. file uploads) analysis
  • Creation of Indicators of Compromise (IOCs) and an enterprise-wide sweep for similar compromise
  • Further analysis such as digital forensics investigations if required
  • Recommendations for immediate containment and eradication
  • Recovery of systems and network to bring operations back to normal capacity

Report

  • Executive Summary
  • Detailed analysis
  • Threat intelligence (if any malware is found)
  • Recommendations on what further actions need to be taken in order to prevent similar attacks in the near future
  • Briefing sessions to discuss the findings and results

Reactive Approach:

When your organization is under active attack and you know it, our DFIR team acts and responds fast to stop further damage, neutralize the existing damage, and restore your organization's activities to normal operation as soon as possible.

Onboarding

  • Pre-onboarding to clear the pre-engagement process, in order to be able to act swiftly when required
  • Workshop: 2/4/8 hour workshop to understand the infrastructure and get to know team members and key contacts

Response Time

  • Incident notification by hotline or email
  • Get service level agreement (SLA) details for remote and onsite consulting. 1 hour/2 hour/4 hour/8 hour SLAs are available.

Benefits

  • Cyber team on standby 24x7
  • Prepaid hours with a discounted per-hour rate
  • Unused hours: don't lose the hours you paid for; they can be used for other Proactive Cyber Security Services

Our Digital Forensics Process:

Our Digital Forensics Process follows these three steps:

Acquisition:

Our investigators create an exact duplicate of the media in question using a hard drive duplicator or specialized software. To prevent tampering, the original media is secured in a safe place and only the duplicate copy is used for analysis.

Analysis:

The duplicated files or evidence are then analysed by our forensic specialists, who keep track of any evidence that supports or refutes a hypothesis. Continuous analysis is carried out to reconstruct events and actions as they happened during the incident, in order to create a timeline and conclude what has occurred and how hackers gained access to the systems.

Reporting:

Once a digital forensics investigation is completed, the findings and conclusions uncovered by analysts are presented with an executive summary in the form of a report that is easy to understand by executives and non-technical personnel.
