Cybercrime Investigation and e-Forensics
Response to Internet Crime and Insiders
Our computer crime forensics and investigations are delivered with speed, expertise and absolute confidentiality.
- We can determine what and how much information has been compromised during internal security incidents or external attacks.
- We trace and identify who carried out the attack and how it was executed, and help prepare materials for legal proceedings against the attackers.
- Absolute discretion and quality of service are assured: High-Tech Bridge has been trusted by banks, FT500 companies and international organizations since 2007.
The most common types of fraud and cyber crime incidents we investigate are:
- Compromised systems, applications, servers and network devices
- Machines infected by viruses, Trojan horses and rootkits
- Denial of Service attacks against corporate infrastructure
- Phishing and social engineering attacks against corporate users
- Spreading of fake or confidential information on the Internet
- Confidential information leakage and malicious activity by insiders
- Privilege escalation, unauthorized access to sensitive information
- Information and data destruction or other damage to corporate resources
- Industrial and commercial espionage
- On-line trading of counterfeit corporate products
- On-line abuse of trademarks, licenses and copyright
At High-Tech Bridge we will help you to:
- Repair the negative consequences of a hacker attack, fraud or insider activities
- Identify security weaknesses and vulnerabilities used during the attack
- Find the real source of the attack
- Provide you with evidence and assistance to support the start of legal action.
Depending on client-specific needs, a computer forensic investigation can require several steps:
Each security incident requires a detailed and fast investigation in order to minimize losses, find the guilty parties and prepare all the necessary materials for law enforcement agencies. Investigations can also help to prevent similar issues arising in the future.
If the incident involves the use of malware, a malware analysis and reversing phase is required. After that, our experts start log analysis, or a log recovery process if the logs were deleted by the intruders.
Once a complete report of the incident has been produced and the source of the attack has been identified, all the information obtained during the investigation can be passed to law enforcement agencies to begin the legal process.
Hackers often perform their attacks through several previously compromised systems in order to hide the real source of the attack. In this case, our experts start a step-by-step investigation, in cooperation with international law enforcement agencies, to follow the criminal chain back to its source, restore the logs and find the real attackers.
Quite often during forensics we detect various backdoors, Trojan horses, rootkits and other malware used to steal sensitive data from corporate networks. It is very important to understand the behavior of such malware in order to trace the attackers, understand how the system was compromised and to find out which information was copied, deleted or modified.
Usually the following framework can be applied for malware analysis:
- Creation of a secure sandbox (a fully isolated and controlled environment)
- Implementation of network and local monitoring mechanisms of the sandbox
- Execution of malware inside of the sandbox under thorough control and logging
- Creation of various conditions in the sandbox to activate hidden functions of malware
- Detailed analysis of malware behavior and reaction to certain events
It is very important to understand the following properties of the malware:
- Malware activation and start-up mechanisms
- Malware management and remote control mechanisms used by attackers
- Encryption algorithms used for communication with remote attackers
- All local modifications performed by the malware (e.g. files, registry, kernel, boot sectors of hard disks)
- All local activities performed by the malware (e.g. process creation and management, firewall and antivirus bypass)
- All network activities performed by the malware (e.g. communication and data exchange with the C&C server)
Once all of the above aspects have been evaluated, our security experts can trace the attackers who control the malware and continue with the incident investigation process.
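The "all local modifications performed by the malware" step of the framework above is usually answered by diffing the sandbox before and after the sample runs. The following is an added illustration, not High-Tech Bridge's own tooling: it hashes every file in a sandbox directory, runs a constructed stand-in for the sample (no real malware), and reports created, deleted and modified files. The sandbox directory and the sample's behaviour are both constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Record the SHA-256 of every file under root, keyed by relative POSIX path."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file()
    }


def diff_snapshots(before, after):
    """Classify each path as created, deleted or modified between two snapshots."""
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
    }


def simulated_sample(root):
    """Constructed stand-in for executing a sample inside the sandbox (not real malware)."""
    root = Path(root)
    (root / "config.ini").write_text("server=10.0.0.1\n")          # modifies an existing file
    (root / "system32").mkdir()
    (root / "system32" / "svchost.dll").write_bytes(b"\x00" * 16)  # drops a new file
    (root / "notes.txt").unlink()                                   # deletes a file


def run_analysis():
    """Snapshot the sandbox, run the sample, snapshot again, and return the change report."""
    with tempfile.TemporaryDirectory() as sandbox:   # constructed sandbox contents
        root = Path(sandbox)
        (root / "config.ini").write_text("server=localhost\n")
        (root / "notes.txt").write_text("keep me\n")
        (root / "readme.txt").write_text("untouched\n")
        before = snapshot(root)
        simulated_sample(root)
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in run_analysis().items():
        print(f"{kind}: {paths}")
```

The same before/after comparison extends to registry exports, process lists and captured network sessions; the file diff is the simplest case of the pattern.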