Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.
Forensic investigators typically follow a standard set of procedures: After physically isolating the device in question to make sure it cannot be accidentally contaminated, investigators make a digital copy of the device's storage media. Once the original media has been copied, it is locked in a safe or other secure facility to maintain its pristine condition. All investigation is done on the digital copy.
Investigators use a variety of techniques and proprietary forensic software to examine the copy, searching hidden folders and unallocated disk space for copies of deleted, encrypted, or damaged files. Any evidence found on the digital copy is carefully documented in a "finding report" and verified with the original in preparation for legal proceedings that involve discovery, depositions, or actual litigation.
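The copy-and-verify procedure described above, as an added example that is not part of the original page: it copies a source image, confirms the working copy matches, and detects later contamination of that copy. SHA-256 as the integrity check, the file names and the examiner label are assumptions; the "disk" is a constructed sample.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large images never sit in memory

def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, dest, examiner):
    """Copy source to dest, hashing the source bytes as they are read,
    then re-read dest and refuse to continue if the digests differ."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    digest = h.hexdigest()
    if digest != sha256_file(dest):
        raise IOError("working copy does not match source; re-acquire")
    os.chmod(dest, 0o444)  # working copy is read-only from here on
    # This dict is the entry that goes into the chain-of-evidence log.
    return {"examiner": examiner, "source": source, "copy": dest,
            "sha256": digest, "bytes": os.path.getsize(dest),
            "acquired_utc": datetime.now(timezone.utc).isoformat()}

def verify(record, path):
    """True if path still hashes to the digest recorded at acquisition."""
    return record["sha256"] == sha256_file(path)

def demo():
    """Constructed sample: a 3 MiB all-zero 'disk' ending in a marker."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "evidence.raw"), os.path.join(d, "copy.dd")
        with open(src, "wb") as f:
            f.write(b"\x00" * (3 * CHUNK - 7) + b"MARKER!")
        record = acquire(src, img, examiner="examiner-01 (placeholder)")
        intact = verify(record, img) and verify(record, src)
        os.chmod(img, 0o644)
        with open(img, "r+b") as f:  # simulate accidental contamination
            f.seek(100)
            f.write(b"\x01")
        return intact, verify(record, img), record["bytes"]

if __name__ == "__main__":
    print(demo())
```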
Digital forensics can include malware analysis if any malware is discovered during the investigation. nibraas IT experts piece together the evidence to understand exactly what's going on, including the use of HDD images, memory dumps and network traces. The result is a detailed elucidation of the incident. You as the customer initiate the process by gathering evidence and providing an outline of the incident. We analyze the incident symptoms, identify the malware binary (if any) and conduct the malware analysis in order to provide a detailed report including remediation steps.
Besides the industry-standard model, we follow the steps below:
Identification: the type of incident is identified,
Preparation: the selection and preparation of tools, techniques, search warrants, and support of management is delineated,
Approach strategy: development of a procedure that will maximize collection of untainted evidence while minimizing the impact to the victim,
Preservation: Isolation, securing and preserving of the state of physical and digital evidence,
Collection: The recording of the physical scene and duplicate digital evidence using standardized and accepted procedures,
Examination: A systematic search of evidence previously collected,
Analysis: The determination of the significance of evidence, the reconstruction of data fragments and drawing conclusions based on evidence found,
Presentation: The summary and explanation of conclusions, and
Returning evidence: This step ensures physical and digital property is returned to proper