Cybercrime Investigation and e-Forensics

Computer Crime Investigation and Digital Forensics

Response to Internet Crime and Insiders

Our computer crime forensics and investigations are delivered with speed, expertise and absolute confidentiality.

  • We can determine what and how much information has been compromised during internal security incidents or external attacks.
  • We trace and identify who carried out the attack and how it was executed, and help prepare materials for legal proceedings against the attackers.
  • Absolute discretion and quality of service are assured: High-Tech Bridge has been trusted by banks, FT500 companies and international organizations since 2007.

The most common types of fraud and cyber crime incidents we investigate are:

External Incidents

  • Compromised systems, applications, servers and network devices
  • Machines infected by viruses, Trojan horses and rootkits
  • Denial of Service attacks against corporate infrastructure
  • Phishing and social engineering attacks against corporate users
  • Fake or confidential information spreading on the Internet
  • Blackmail

Internal Incidents

  • Confidential information leakage and malicious activity by insiders
  • Privilege escalation, unauthorized access to sensitive information
  • Information and data destruction or other damage to corporate resources

Counterfeiting Incidents

  • Industrial and commercial espionage
  • On-line trading of counterfeit corporate products
  • On-line abuse of trademarks, licenses and copyright

Forensics Process

At High-Tech Bridge we will help you to:

  • Repair the negative consequences of a hacker attack, fraud or insider activities
  • Identify security weaknesses and vulnerabilities used during the attack
  • Find the real source of the attack
  • Provide you with evidence and assistance to support the start of legal action.

Depending on client-specific needs, a computer forensic investigation can require several steps:

[Figure: computer forensics investigation process]

Each security incident requires a detailed and fast investigation in order to minimize losses, find the guilty parties and prepare all the necessary materials for law enforcement agencies. Investigations can also help to prevent similar issues arising in the future.

If the incident involves the use of malware, a malware analysis and reverse-engineering phase is required. After that, our experts start log analysis, or a log recovery process if the logs were deleted by the intruders.

After a complete report of the incident is made and the source of the attack can be identified, all the information obtained during the investigation process can be transmitted to law enforcement agencies to begin the legal process.

Hackers often perform their attacks through several previously compromised systems in order to hide the real source of the attack. In such cases, our experts start a step-by-step investigation, in cooperation with international law enforcement agencies, to follow the criminal chain back to its source, restore the logs and find the real attackers.


Malware Analysis

Quite often during forensics we detect various backdoors, Trojan horses, rootkits and other malware used to steal sensitive data from corporate networks. It is very important to understand the behavior of such malware in order to trace the attackers, understand how the system was compromised and to find out which information was copied, deleted or modified.

Usually the following framework can be applied for malware analysis:

  1. Creation of a secure sandbox (absolutely isolated and controlled environment)
  2. Implementation of network and local monitoring mechanisms of the sandbox
  3. Execution of malware inside of the sandbox under thorough control and logging
  4. Creation of various conditions in the sandbox to activate hidden functions of malware
  5. Detailed analysis of malware behavior and reaction to certain events

It is very important to understand the following properties of the malware:

  1. Malware activation and start-up mechanisms
  2. Malware management and remote control mechanisms used by attackers
  3. Encryption algorithms used for communication with remote attackers
  4. All local modifications performed by the malware
    (e.g. files, registry, kernel, boot sectors of hard disks)
  5. All local activities performed by the malware
    (e.g. process creation and management, firewall and antivirus bypass)
  6. All network activities performed by the malware
    (e.g. communication and data exchange with C&C server)

Once all of the above-mentioned aspects have been evaluated, our security experts can trace the attackers who control the malware and continue with the incident investigation process.
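One concrete form of the "local monitoring mechanism" from step 2 of the framework, used to capture property 4 (local file modifications) is a hashed baseline taken before the sample runs and diffed against a second snapshot afterwards. The following is an added illustration written for this page, not High-Tech Bridge's own tooling; the sandbox activity it shows (a dropped file, an altered config, a deleted log) is constructed with harmless sample files in a temporary directory.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every regular file under root (POSIX relative path) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            state[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return state


def diff_snapshots(before, after):
    """Classify files as created, modified or deleted between two snapshots."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(f for f in set(before) & set(after) if before[f] != after[f])
    return {"created": created, "modified": modified, "deleted": deleted}


def snapshot_demo():
    """Constructed scenario: baseline, simulated sample activity, then the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.ini").write_text("level=1\n")
        (root / "readme.txt").write_text("hello\n")
        (root / "logs").mkdir()
        (root / "logs" / "app.log").write_text("started\n")
        before = snapshot(root)  # baseline taken before execution

        # Constructed stand-in for what a sample might do inside the sandbox:
        # drop a new file, add an autorun-style setting, and wipe a log.
        (root / "dropper.bin").write_bytes(b"constructed sample, not real malware")
        (root / "config.ini").write_text("level=1\nautorun=1\n")
        (root / "logs" / "app.log").unlink()

        after = snapshot(root)  # snapshot taken after execution
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, files in snapshot_demo().items():
        print(f"{kind}: {files}")
```

The deleted-log entry is exactly the signal that tells the investigator a log recovery step, as described above, will be needed before log analysis can begin.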