Incident Response & Network Forensics

Coupled with computer forensics, our network forensics offering provides a full-service Incident Response Team that is skilled and experienced in handling real-world intrusions, attacks and incidents involving not only APTs but also growing threats from around the world. To identify attacks, tools and techniques can be used to capture and inspect data packets passing through the network. These packets can be inspected live or stored for later analysis. If an attack has recently happened, time is of the essence and you are encouraged to contact AR Forensics staff immediately for a consultation. Typically, our engagement might consist of any of the following:

  • On-site visit to gain a full scope of the intrusion and offer law enforcement insight
  • Identify the scope of the computer systems impacted
  • Make forensic images and collect log files of key computers that were compromised
  • Perform computer forensic recovery in an attempt to recover deleted files and logging data
  • Analyze the forensic images and recovered data to determine the source of the cybersecurity breach and attack
  • Track the perpetrators in an attempt to identify where the attack originated from on the Internet
  • Assist counsel with the formulation of subpoenas for the purpose of obtaining the identifying information on the source of the attack
  • Write an expert report describing how the hacker attack took place and what vulnerabilities were discovered
  • Recommend corrective actions to secure the compromised systems

Targeted threats represent a serious threat to organizations as the sophistication, organization and execution among actors continue to grow. Targeted threat actors focus on a specific target and customize and adapt their tools, tactics and procedures (TTP) to predict and circumvent security controls and standard incident response practices. This background analysis and reconnaissance is done by patient people who only have to be right once. Typical defensive tools, procedures and controls put in place to detect everyday cyber threats are often ineffective against targeted attacks, because the attackers pinpoint a human weakness, use "whitelisted" tools or tools that have been tested and go undetected by known antivirus software, and remain undetected for months to years.

Contact us to discuss your Incident Response & Network Forensics needs:

[Phone] 571-306-0466

[Email] info@ar-forensics.com