Digital Forensics
Forward Defense's team is composed of highly skilled experts in training, digital investigations, computer forensics, information security and risk assessments. The frontline team is supported by a staff of leading subject matter experts and a proven team of corporate partners.
Forward Defense’s executives are professionals with extensive backgrounds in the government and commercial sectors.
We have conducted international cyber forensics engagements in many countries, including:
Partners
Forward Defense has teamed with key partners, and our strong working relationship with these companies helps ensure state-of-the-art training and services.

Darktrace

Digital Shadows

Guidance Software

AccessData

Micro Systemation

Magnet Forensics

RSA/EMC/Dell
Digital Forensic Services
We offer forensics and incident response training:
- Windows Computer Forensics
- Unix/Linux Forensics
- Large Device and Server Forensics
- Network Forensics
- Mobile Phone Forensics
- Apple Macintosh Forensics
In addition to training we also offer:
- Forensics Lab Development
- CERT Program Development
- Incident Response
- Direct Forensics Services
- Forensics Readiness Audits
- Security Gap Analysis
Computer Forensics
This is the process of collecting and analyzing digital data in a manner that preserves the original data to the greatest extent possible. It is imperative that the results of this process are reproducible and quantifiable.
- Static Data - Traditional, offline analysis of media
- Memory - Acquisition and analysis of random access memory
- Network - Analysis of remote systems
- Binary - Reverse engineering malware behavior
Static Data Forensics
- Traditional approach
- “Dead box” analysis
- Utilize write blockers to protect original evidence
- Integrity verified through hash analysis
- SECURE the media
- PROTECT from alteration
- IMAGE the media
- VERIFY integrity of image
- ANALYZE the image
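The IMAGE and VERIFY steps above in code, as an added example that is not part of Forward Defense's material: a constructed sample file stands in for write-blocked media, the image is hashed as it is read, and the result is then checked against fresh hashes of both the image and the untouched source; a single flipped byte in the image is shown to fail verification.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB blocks, so large media never have to fit in memory at once

def hash_file(path):
    """Hash a file block by block (SHA-256); the same routine serves source and image."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def image_media(source, image):
    """IMAGE step: bit-for-bit copy of the write-blocked source into an image file,
    computing the acquisition hash over the bytes as they are read, in a single pass."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    return h.hexdigest()

def verify_image(source, image, acquisition_hash):
    """VERIFY step: acquisition hash, fresh hash of the image and fresh hash of the
    untouched source must all agree; the returned record goes into the case file."""
    image_hash, source_hash = hash_file(image), hash_file(source)
    return {"acquisition": acquisition_hash, "image": image_hash, "source": source_hash,
            "verified": acquisition_hash == image_hash == source_hash}

def demo():
    """Constructed evidence (not real media): a clean image verifies, then a single
    altered byte in the image is caught. Returns the two 'verified' flags."""
    with tempfile.TemporaryDirectory() as tmp:
        source, image = os.path.join(tmp, "evidence.bin"), os.path.join(tmp, "evidence.dd")
        with open(source, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 12345))  # deliberately not block-aligned
        acq = image_media(source, image)
        good = verify_image(source, image, acq)
        with open(image, "r+b") as f:  # simulate alteration of one byte of the image
            f.seek(CHUNK + 7)
            flipped = f.read(1)[0] ^ 0xFF
            f.seek(CHUNK + 7)
            f.write(bytes([flipped]))
        bad = verify_image(source, image, acq)
    return good["verified"], bad["verified"]
```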
Memory Forensics
Sophisticated attacks may not write to non-volatile media and therefore it is necessary to seek out information stored in volatile memory.
- Active network connections
- Running processes
- Clipboard data
- Unsaved data
- User IDs and passwords
Investigators must be aware that the act of collecting data from a running system’s memory will itself alter that memory, and must weigh the trade-off between preserving data and collecting data.
Network Forensics
In network environments, relevant data may be contained on more than one computer system. To add to this complexity, some critical servers cannot be shut down to be imaged. Therefore digital forensics teams must examine log data, connection data, security appliance data and other sources to seek out clues to additional systems of interest.
- Live Acquisition - Acquiring non-volatile data from running systems
- Log Analysis - Using transaction logs to determine systems of interest
- Live Analysis - Performing analysis or scans of systems before imaging
- Traffic Analysis - Forensic Analysis of data in motion across the network
Binary Forensics
- Static Analysis of binary files, performed by examining strings, associated libraries or DLLs, and other indicators of behavior
- Dynamic Analysis of binary files, where the executable code is run in a virtual or sandboxed environment to record network and disk activity to determine behavior
- Reverse engineering of the binary through a debugger and similar software tools
Binary Forensics Analysis
- Internet Activity
- Active Files
- Deleted Files
- Accessed Files
- Timelines
- Remote Connections
- Malicious Binaries
- Attack Vectors
- Infection Signatures
Applications
The digital forensics process can be applied to a wide range of problems. Media of all types can be analyzed and the data examined for a variety of applications. These investigations can be split into three sections:
User Investigation
- Employee misconduct investigations
- Criminal investigations
- Mobile phone content
- Computer-based communication
Incident Response
- Determining scope of a compromise
- Developing signatures
- Mitigating damage
- Detecting attack vector
Data Discovery
- Compliance with Court Orders to produce documents
- Internal Security Audits and Compliance