Digital Forensics

Forward Defense's team is composed of highly skilled experts in training, digital investigations, computer forensics, information security and risk assessments. The frontline team is supported by a staff of leading subject matter experts and a proven team of corporate partners.

Forward Defense’s executives are professionals with extensive backgrounds in the government and commercial sectors.

 

We have conducted international cyber forensics engagements in many countries, including:

Partners

Forward Defense has teamed with key partners, and our strong working relationship with these companies helps ensure state-of-the-art training and services.

PhishMe

PhishMe is a human-focused phishing defense concept based on dozens of years of experience in …

Darktrace

Powered by machine learning developed by mathematicians from the University of Cambridge, Darktrace’s Enterprise Immune …

Digital Shadows

Digital Shadows provides cyber situational awareness that helps organizations protect against cyber attacks, loss of …

Samel90

The purpose of the mobile jammer, manpack jammer and portable jammers is to ensure protection …

Guidance Software

At Guidance, we exist to turn chaos and the unknown into order and the known–so …

AccessData

FTK is a court-cited digital investigations platform built for speed, stability and ease of use.

Microsystemations

Magnet Forensics

AXIOM is a complete digital investigations platform that brings together digital evidence acquisition, examination and …

RSA/EMC/Dell

RSA’s integrated, industry-leading advanced threat detection and cyber incident response solutions simplify and orchestrate these …

RepKnight

The RepKnight Cyber Intelligence platform supports a wide variety of use cases, from broad horizon …

ADF

ADF Solutions is the leading provider of digital forensic and media exploitation tools. These tools …

Digital Forensic Services


We offer forensics and incident response training:

  • Windows Computer Forensics
  • Unix/Linux Forensics
  • Large Device and Server Forensics
  • Network Forensics
  • Mobile Phone Forensics
  • Apple Macintosh Forensics

In addition to training we also offer:

  • Forensics Lab Development
  • CERT Program Development
  • Incident Response 
  • Direct Forensics Services
  • Forensics Readiness Audits
  • Security Gap Analysis


Computer Forensics

This is the process of collecting and analyzing digital data in a manner that preserves the original data to the greatest extent possible. It is imperative that the results of this process are reproducible and quantifiable.


  • Static Data - Traditional, offline analysis of media
  • Memory - Acquisition and analysis of Random Access Memory
  • Network - Analysis of remote systems
  • Binary - Reverse engineering of malware behavior


Static Data Forensics


  • Traditional approach
  • “Dead box” analysis
  • Utilize write blockers to protect original evidence
  • Integrity verified through hash analysis

  • SECURE the media
  • PROTECT from alteration
  • IMAGE the media
  • VERIFY integrity of image
  • ANALYZE the image


Memory Forensics

Sophisticated attacks may not write to non-volatile media, so it is necessary to seek out information stored in volatile memory, such as:

  • Active network connections
  • Running processes
  • Clipboard data
  • Unsaved data
  • User IDs and passwords

Investigators must be aware that the act of collecting data from a running system’s memory will itself alter data, and must weigh the trade-off between preserving data and collecting it.


Network Forensics


In network environments, relevant data may be contained on more than one computer system. To add to this complexity, some critical servers cannot be shut down to be imaged. Digital forensics teams must therefore use log data, connection data, security appliance data and other sources to seek out clues to additional systems of interest.

  • Live Acquisition - Acquiring non-volatile data from running systems
  • Log Analysis - Using transaction logs to determine systems of interest
  • Live Analysis - Performing analysis or scans of systems before imaging
  • Traffic Analysis - Forensic Analysis of data in motion across the network


Binary Forensics

  • Static Analysis of binary files, performed by examining strings, associated libraries or DLLs, and other indicators of behavior
  • Dynamic Analysis of binary files, where the executable code is run in a virtual or sandboxed environment to record network and disk activity to determine behavior
  • Reverse engineering of the binary through a debugger and similar software tools


Binary Forensics Analysis

  • Internet Activity
  • Active Files
  • Deleted Files
  • Accessed Files
  • Timelines
  • Remote Connections
  • Malicious Binaries
  • Attack Vectors
  • Infection Signatures

Applications

The digital forensics process can be applied to a wide range of problems. Media of all types can be analyzed, and the data examined for a variety of applications. These investigations can be split into three sections:

User Investigation

  • Employee misconduct investigations
  • Criminal investigations
  • Mobile phone content
  • Computer-based communication

Incident Response

  • Determining scope of a compromise
  • Developing signatures
  • Mitigating damage
  • Detecting attack vector

Data Discovery

  • Compliance with Court Orders to produce documents
  • Internal Security Audits and Compliance
