Network forensics, or IT Forensics, is a form of computer forensics that involves extracting forensic evidence from computer networks, particularly for use as criminal evidence. The extraction can either be from network log files or logged information on routers, nodes, and other network devices; or the extraction can be proactive, actively capturing network packets for use as evidence.

Captured network packets can be used to recreate transferred files, analyze security threats, and identify network intruders. Although evidence on a computer or network drive may be destroyed, network forensics can still identify a culprit by using data stored on network devices to identify unauthorized access to the computer or network device.

Timely identification and remediation of internal and external network vulnerabilities is something every organization needs done before hackers or disgruntled insiders exploit the weaknesses. The process of identifying vulnerabilities, evaluating the risk, remediation, and reporting is called vulnerability management. By using a formal vulnerability management process, organizations are able to more efficiently find and fix security vulnerabilities within their network.

They fit together to test for weaknesses while providing suggestions for improvement. Testing allows client management to be confident, knowing what vulnerabilities may exist, and provides the opportunity to develop a plan to address any issues.

Certified security professionals are proficient in security techniques and system exploits, with knowledge of multiple network platforms. You receive written descriptions of each vulnerability identified, with specific backgrounds, consequences, and remediation instructions. These are further analyzed and reported with prioritization and understandable suggestions.

Penetration testing is a method of probing and identifying security vulnerabilities in your network and the extent to which they could be exploited by a hacker. These tests are typically performed using automated tools that look for specific weaknesses, technical flaws, or vulnerabilities to exploit. The results are presented to the system owner with an assessment of their risk to the networked environment and a remediation plan highlighting the steps needed to eliminate the exposures.

Vulnerability management and penetration testing work hand in hand to close any potential openings available to corporate attackers. Together, vulnerability management and penetration testing enhance security and lessen the probability that the criminals could penetrate your systems.

We perform these tests using an evolving process that includes cutting-edge tools, mimicking the activity of a determined hacker.  Instead of a “canned” approach to testing, we tailor our procedures according to your specific needs and concerns, helping to increase the cost-effectiveness of this service.  The depth of the penetration testing can be established at your discretion – from basic attempts of unauthorized access and web-site defacement to full-scale denial-of-service.

Each penetration test includes a detailed report of any identified vulnerability, classified by the likelihood it could be exploited, and by the impact that it might have on the Company’s network.  The data from these periodic Network Breach Assessments and/or penetration tests could be compiled throughout the year and presented in consolidated format in an annual report.

Please note that the Network Breach Assessment is more thorough than the Penetration Test, as it considers a wide array of internal components.  It may be advantageous to perform Penetration Testing subsequent to addressing issues identified during a Network Breach Assessment.

The human element of your company’s security may be tested, along with your fixed information systems.  These tests are tailored to your objectives and highly customized to fit your situation.

The weakest link in any security program is an organization’s people; attackers take advantage of this weakness through social engineering. Social engineering is a term that describes the non-technical intrusion into an organization that relies on human interaction, often involving tricking people in order to break normal security policies. Similar to traditional “con games” where one person is duped because they are naturally trusting, attackers will use any technique to gain unauthorized information. Social engineering techniques include everything from phone calls with urgent requests to people with administrative privileges to trojans lurking behind email messages that attempt to lure the user into opening the attachments. E-Investigations will attempt to bypass the people who enforce your security through a variety of means, such as the following:

  • External Social Engineering – E-Investigations will perform Social Engineering phone calls to individuals within the organization. Targets will include individuals from the help desk, IT department, human resources, finance, and other departments within the organization. The objective of these calls will be to induce the users to divulge sensitive information over the phone in violation of company policy.
  • Targeted Email “Phishing” Attacks – Emails will be sent to individuals and groups within the organization in order to attempt to entice the user to click on an external link that will either attempt to gather sensitive information or deliver a malicious payload onto their desktop system which could include browser and operating system buffer overflows, Trojan horses, and keystroke loggers.
  • Malicious Portable Media – USB Flash drives and CD-ROM drives with enticing labels such as “Salary” will be left in public areas such as hallways, restrooms, and break rooms. The media will contain simulated malicious code that will attempt to grab sensitive host information such as the network configuration, list of running processes, and a password hash dump.
  • Sensitive Document Disposal Audit – “Dumpster Diving” – E-Investigations will search internal trash receptacles and external dumpsters and disposal areas for sensitive documents or storage media that are disposed of in violation of company policy.
