How can we help?
In network forensics, we monitor and analyze computer network traffic for the purposes of information gathering, legal evidence and/or detecting malware intrusions. Network forensics is performed with the following two aims:
- Detecting anomalous traffic and identifying intrusions. Depending on the network design, we investigate which sub-network is generating such traffic until we discover the compromised machine. Once the anomalous machine or machines are identified, we quarantine them and perform in-depth host forensics to identify the malware that was releasing critical information, how it came to infect the system, and to whom it was releasing that information.
- Reassembling captured network traffic into the transferred data, files and human communication such as emails or chats, in order to analyze and search through the data for signs of data exfiltration.
Network forensics may also involve running network-wide tools to collect evidence, such as port scanners, vulnerability scanners, and log analysis from Intrusion Prevention Systems and firewalls, in order to build a compelling body of evidence. A damage analysis is also performed to identify the loss incurred by the affected organization.
We also perform wireless forensics, with the goal of collecting and analyzing wireless network traffic that can be presented as valid digital evidence in a court of law. The evidence collected can correspond to plain data or to voice conversations carried over VoIP technology.