service

Forensic Services

CipherTechs can augment your internal DFIR team or act as your sole DFIR provider.

Leverage DFIR retainers or call with ad-hoc incidents.

Do you have a security incident you’d like to speak with an expert about?

Call us any time +1-877-247-4379

CipherTechs provides digital forensics and incident response services (DFIR) using well established processes to maintain the integrity of all components should they ever need to be presented as evidence in court. Our forensic analysts have experience responding to internal investigations, HR issues, criminal investigations. Our DFIR service is compromised of:

  • Containment. Investigate the incident and take necessary actions to address the immediate threat.
  • Forensics. Review forensic data including disk images, mobile phones, network logs (eg firewall, netflow, IPS) email and web proxy logs. Attempt to discover motive, attribution, extent of breach, and whether data exfiltration took place.
  • Reporting. CipherTechs produces reports that provide a timeline of the incident, identify gaps that lead to the incident, and recommendations to close the gaps and address any forensic blindspots in the future.

CipherTechs has capabilities for all major operating systems (Windows, Mac, Linux, UNIX), mobile devices, virtual machines, Active Directory, databases, and cloud environments.

CipherTechs provides tools for memory, disk, and mobile image acquisition.

Forensics can be requested ad-hoc to augment a companies internal capabilities, handle sensitive HR or legal cases that require a third party. CipherTechs also offers full incident response including management, discovery, containment, and response. Tools such as osquery, sysmon, Powershell, SSH, ansible, and network taps are used when the targeted environment doesn’t natively have EDR tools in place.

Chain of custody is observed unless otherwise requested. Clients with DFIR retainers can work together with CipherTechs to develop playbooks to customize incident response needs. Analysts are available 24x7 by phone and SLAs are available to guarantee response times. CipherTechs has physical SOC locations in NYC and Ireland where drives can be picked up locally, shipped, or disk images transferred to a secure location over the Internet. Staff are also available in Toronto Canada, Bangkok Thailand, and the mid-West USA.

Digital Forensics Services Examples

  • Retrace a user’s browsing history to determine what actions a user or attacker has performed.
  • Analyze the registry (on Windows), event logs on the system and other indicators to determine any lateral movement that may have been attempted.
  • Determine if malware is running in memory and also shell commands that an attacker may have executed.
  • Combine multiple machine’s disk and memory images to form a comprehensive timeline and analysis.
  • Sensitive HR investigations (disgruntled employee, legal disputes, acceptable use policy violations)