Table of Contents
IT FORENSIC
Possibility of breach of security
Nature of Attacks
Internal Intrusion
External Intrusion
FORENSIC
Forensic Type
Forensic Process Model
Our Services
Securitarian Confidential Material
IT FORENSIC
IT computer forensics is an investigative approach for finding the evidence,
the extent of loss and the culprits when an information security breach has taken place.
A forensic solution lets examiners acquire data from a wide variety of devices, unearth
potential evidence with disk-level forensic analysis, and craft comprehensive reports on
their findings, all while maintaining the integrity of their evidence.
A recent study indicates that over 93% of information produced is in digital format.
The same study also noted that 85% of all criminal, civil, and company violations are
done by means of digital intrusion.
POSSIBILITY OF BREACH OF IT SECURITY
• Theft of Company Secrets (client or employee lists)
• Employee Sabotage or Terrorism
• Credit Card Fraud
• Financial Crimes
• Embezzlement (money or information)
• Economic Crimes
• Harassment (sexual)
• Child Pornography
• Major Crimes
• Identity Theft (short or long-term plans)
Nature of Attacks
o Internal
    USB
    Pen Drives
    External Hard Drives
    LAN
o External
    Web
    Mail
    IM
INTERNAL INTRUSION
Pen Drive Intrusion
o Details of all pen drives installed on a system
o Recorded as per O/S artifacts with timeline
o Analysis of all pen drives used on different workstations on a network
Local Area Network Intrusion
o Login analysis of any suspected user against the victim's computer on the network
o Artifacts relating to the different incidents that took place during that logon
period
EXTERNAL INTRUSION
1. Web Intrusion
    Trojan
    Malware
    Spyware
2. Mails
    As an Attachment
3. IM
    During communication
    Attachment
Forensic
Onsite search & acquisition of digital/electronic evidence and custody
Filtration and consolidation of data including emails and files
Law firm consultations including defence strategies
Corporate investigations
Expert witness service
Computer security, hacker tracking and in-house protection
Computer forensic audits to comply with the Sarbanes-Oxley Act or as a part
of information security audits
Fraud investigations
Computer forensics including forensic analysis of all file systems
Email investigations: tracking of malicious / threatening e-mail senders
Establishment of computer forensic labs
Creation of incident response teams (IRT)
Forensic bit stream imaging of various digital storage devices
Training in detection and analysis of digital evidence
Intellectual property theft investigations / source code theft investigations
Forensic Type
Log Forensic:
To analyse all kinds of logs prepared by the operating system and devices
Artifact Forensic:
To locate and analyse the large number of artifacts relating to chats,
communications, web browsing and file sharing activities occurring in a wide
range of software
Time Line:
To find out exactly when, with date and time, any specific event happened on
the system
Forensic Spots:
Consolidation of all types of footprints for any unauthorised activity that happened
on the system
Device Incident Forensic:
Installation / activation of any external hardware devices attached to the system
Reversing Analysis:
Decoding / reverse engineering of any incident / activity done on any system
Network Forensic:
To check and investigate who has logged into the system and when
Email Forensic:
Scanning of all emails
COMPUTER FORENSIC PROCESS MODEL
Plan, Acquire, Extract, Analyse, Report
1. Plan:
A computer forensics investigation begins with a well-defined plan. A properly
formatted plan saves time, increases the amount of relevant data, and produces the highest
quality results. We work with staff investigators and security personnel to identify and
target sources of evidence, gain an understanding of the case, and apply the proper
procedures.
2. Acquire:
The acquisition process ranges from complete computer forensic disk
imaging to gathering information from sources in a consistent manner.
3. Extract:
Extracting data bit by bit from the hard drives and other such places, using the best
computer forensic software tools, is the backbone of any forensic task.
4. Analyze:
Even the smallest hard disk drives contain tens of thousands of files.
Securitarian uses advanced techniques and tools to isolate only the most relevant
electronic data. It is not just the tools or software that give accurate analysis but
the ways and means of extracting and analysing data at the micro level and then
correlating and consolidating the same for solving the case.
5. Report:
Once the analysis is complete, presenting an understandable, defendable, and
complete report is key. The ability to defend the process and testify to the
methodologies used makes our experts unrivaled in the field of computer
forensics.
We offer the following services:
Computer Forensics including forensic analysis of all file systems
Mobile Forensics for Phone and PDA Analysis
Network Forensics
Incident & emergency response services
Forensic bit stream imaging of various digital storage devices
Data recovery
Deleted file recovery
Password recovery
Steganography detection
Inappropriate & pornographic content detection & analysis
Comprehensive search within hard disks, networks and storage devices
Physical and logical media analysis
Corrupt operating system data retrieval
Voice matching and biometric analysis
Video Analysis & enhancements
Email investigations- tracking of malicious or threatening e-mail senders
Email database analysis
On site acquisition of digital/electronic evidence and custody maintenance
Filtration and consolidation of data including emails and files
Hacker tracking and protection
Digital Fraud Investigations
eDiscovery
Content analysis