ONSITE • REMOTE • ONLINE • CLOUD
Whatever the cyber incident is (malware, data leakage, exfiltration, tampering of data, phishing, scams, loss of backups, ransomware, insider threats, or any other), our expert staff will analyze the case and draw up conclusions and recommendations to improve resilience.
Legal, Business and Commercial departments do not always know how to proceed. Shall we pay the ransomware note? Do we have to report the facts to the police? Do we have the necessary expertise and resources in house to conduct a rigorous forensics investigation?
One eSecurity Digital Forensics Service will allow our clients to answer questions about a cyber incident, such as:
One eSecurity advises and assists the different departments and, especially, the various managers involved in incidents.
Not all forensics cases have the same treatment each type requires a different approach. That is why One eSecurity treats each case according to its type, adapting its processes depending on whether the cases are going to be administrative, civil or criminal, and always using the best practices in the digital forensics field.
|DIGITAL FORENSICS AND INCIDENT RESPONSE (DFIR) SERVICES|
|What objectives do we pursue?||When?|
| * Identify and gather evidence of computer malicious activity in a forensically sound manner.|
* Ensure in depth-analysis of digital evidence.
* Get to know what happened within your systems and what was the root cause of an incident.
* Identify external malicious actors and possible insiders in your organization.
* Support prosecution of the perpetrator of an incident.
* Help protect the organization against similar incidents occurring in the future.
* Evaluate, maintain and improve existing DFIR capabilities of your teams.
* Help prepare for incidents in advance, ensuring integrity and continuity of IT infrastructure.
| * During and after an incident, to gain an in-depth knowledge of the activity occurred.
* As a resilient strategy to prepare for cybersecurity incidents.
* In order to respond to and resolve investigative hypothesis.
* For securing and strengthening defense mechanisms as well as closing security gaps.
* To ensure prosecution legal compliance.
* In order to counter-expertise an existing digital forensics process or report.
* To settle disputes among employees or between the employer and employees, based on digital evidence.
* When aiming to increase to improve forensic readiness capabilities, based on forensic processes and procedures.
The service is made up of the following phases based on NIST standards:
|Acquisition||Identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data. One eSecurity is able to provide the technological means to collect large volumes of evidence while preserving the chain of custody.|
|Processing||Triage, processing and correlation of collected data using a combination of tools, automated and manual methods and techniques, assessing and extracting data of particular interest for the investigation and being able to deliver comprehensive forensics outputs to multidisciplinary investigation teams.|
|Analysis||Analyzing forensics output of the previous phase, to achieve the objectives of the investigation, considering a series of plausible hypothesis to obtain the answers that proof or refute evidential indicators. This analysis is performed by a group of analysts made of experts in digital forensics, along with other disciplines, and supported by a state-of-the-art proprietary technology.|
|Report||Reporting the results of the analysis as well as detailing the methodology used during the whole investigation. One eSecurity adjusts the level of reporting to the needs of the target, addressing technical and/or executive audiences, as well as expert reports for legal proceedings. In all cases, reporting determines what digital evidence supports what hypothesis and what conclusions can be drawn from the investigation process.|
Our Digital Forensics service is formed by experts from the Emergency Incident Response, Cyber Threat Intelligence and Threat Hunting departments that analyze and investigate any evidence of malicious activity. All our knowledge and experience adds to this service in order to found and identify any threat.
Thanks to One eSecurity's versatile and experienced DFIR team we are able to gather, and process, a great number of evidences in a very short time.
Our team can be activated when, and for whatever you need us to. Our different service modalities allow our clients to get the coverage needed: on demand, as a retainer, locally or remotely. Our team is available and ready to work anywhere in the world.
Digital Forensics is not an isolated activity that is added to your organization. From One eSecurity we make sure to be integrated on the processes of the client infrastructure.
Software and Hardware
One eSecurity works with carefully selected industry leading strategic security vendors, in order to provide the best of breed digital forensic solutions. Each case is different and needs a different approach, while tools also differ depending on the platform, operating system and the type of the target device. One eSecurity uses hardware and software tools, commercial and open source, chosen according to design, specific purpose or broader functionality.
After more than 10 years delivering DFIR services, both as Incident Respondents and Forensic Analysts in many environments, reviewing thousands of systems, we have been progressively developing internally our own DFIR analysis system, known as SKY.
The SKY platform has been designed not only to automate most of the usual orchestration work, needed to manage DF/IR/CTI/Hunting infrastructure, but also to be an automated investigation and analysis system that is able to process evidence (live or already acquired systems), with the specific tools needed, and integrate the results in a centralized analysis environment.
SKY’s modular design has been created to make it possible to handle different kinds of cases, processing the multiple types of evidence found in victim systems, such as media, memory and network traffic.
|Emergency Incident Response||Threat Hunting Service||Cyber Threat Intelligence|
|One eSecurity Emergency Incident Response is aimed at clients who need agile response and support when a security incident happens.||Our Threat Hunting service combines the analytic capacity of our most experienced experts with the power and automation of our Hunting Framework, offering a continuous and proactive threat search process in both networks and systems.||The Cyber Threat Intelligence service by One eSecurity provides (both internally and for clients) knowledge and information on key threats for decision-making and forecasts of risk situations on IT systems and networks.|
|Learn more||Learn more||Learn more|