Core Networks are experts in Networks, Computer, Malware and Mobile Forensics.
What is Incident Response?
Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
It is not a matter of ‘will’ or ‘can’ we be hacked but ‘when.’
It is only a matter of time before cyber criminals make their way into your organization – no matter how large or small it is or the type of business you conduct. Identity theft, stolen credit card numbers, websites defaced – or worse, used to spread malware – are just some of the cyber criminals’ objectives. These incidents require a rapid response to minimize damage and exposure. It is a fact that many organizations that suffer a major breach never recover.
Core Networks specializes in network, computer, mobile device and malware forensics and evidence gathering.
The most common questions we are asked are:
- How did the breach occur?
- How did this malware/virus infect our network?
- Is there a backdoor for cyber criminals to gain access to our network?
- What data did the cyber thieves have access to and what did they steal?
The most effective way to answer these questions is to forensically analyze the network, servers, desktops and other infrastructure. Analyzing network traffic, storage, running processes and programs helps us gather the evidence to reconstruct the sequence of events, including:
- clicked links
- downloaded malware
- how/where it spread
- cyber criminal activities
- evidence of anti-forensics (how they covered their tracks)
Network and Computer Forensics
Core Networks’ digital forensic analyst investigates computer incidents by collecting and analyzing data from computer systems and networks to track user-based activity that can be used in malware and cyber-crime incidents, internal investigations or civil/criminal litigation.
We have in-depth technical knowledge of UNIX, Linux, Mac OS and Windows digital forensics (Windows XP through Windows 8, and Server 2012). We use computer forensic tools such as AccessData’s Forensic Toolkit (FTK), Guidance Software’s EnCase, Registry Analyzer, FTK Imager, Prefetch Analyzer and many more.
Incident responders hunt down and counter a wide range of threats within enterprise networks. We have a proven, industry-standard methodology that gives our customers peace of mind that we are gathering the evidence and analyzing it – we piece together the puzzle.
Malware Forensics
Malware analysis helps incident responders assess the severity of a situation that involves malicious software. We learn how to understand key characteristics of malware discovered during the examination, including how to establish indicators of compromise (IOCs) for scoping and containing the incident.
We reverse-engineer web browser malware implemented in JavaScript and Flash, as well as malicious PDF and Microsoft Office files. Reverse-engineering malicious software is accomplished by using a variety of system and network monitoring utilities, a disassembler, a debugger and other tools.
Mobile Forensics
In today’s world of everything, everywhere connectivity, tablet computers, phones and other mobile devices are a lucrative target for cyber criminals. Core Networks incorporates mobile device forensics in most incident response events to broaden the scope of evidence finding and analysis.