Cyber Incident Support
A forensic investigation of digital evidence is commonly employed as a post-incident response to a cyber-attack or any other computer-related crime. Eurofins provides a professional cyber incident response service. The focus of this service is to bring businesses which have suffered a cyber-attack back to an operational state in the shortest time possible, while protecting, preserving and analysing any forensic evidence in order to rapidly establish the degree and causes of loss.
On-Call Cyber Incident Response
Our cyber incident response is an organised approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
We provide on-site cyber investigation, digital device seizure, imaging and analysis services at any location specified. We have vast experience in on-site operations, forensic imaging on-site, on-line server acquisitions and on-site analysis. Our corporate case and law enforcement portfolio has led us to investigate a wide range of cybercrime, breaches and computer misuse including but not limited to fraud, murder, rape, child abuse, contentious insolvency and intellectual property theft.
We recommend a step-by-step process that should be followed when an incident occurs. This process is designed to support any incident and minimises damage to the integrity of any evidence.
Five steps to handling an incident most effectively:
- Our cyber incident response service is activated to decide whether a particular event is, in fact, a security incident.
- Our team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage. This will be done in conjunction with the users.
- The team investigates to discover the origin of the incident and the root cause of the problem, and recommends what to do next.
- Normal systems are restored and everything is functioning correctly.
- Our teams analyse the incident and how it was handled, making recommendations for better future response and for preventing recurrence, enabling us to modify our responses and make them even more robust.
Types of cyber-attacks Investigated
- Use of Malware
- Network Attack, including Denial of Service
- Network Intrusion
- Unauthorized Access
- Illicit Distribution
- Insider Activity
- Extortion, Fraud & Phishing Attempts
- Hacking Operations
- Stolen/Leaked Data - Personal, Financial - illegally copied or taken from a business or other individual
- Intercepted Communications - Electronic surveillance, compromised emails, eavesdropping
- Data Altered/Destroyed - deleted files and comparison of file architecture
- Damaged Reputation - Often related to times when accounts are taken over and used to spread slanderous material or misinformation that affects the reputation of an individual or company
- Fraud - Identity theft by using an individual's information to make purchases, make changes to their bank account, etc.
- Vandalism - Website defacement: addition, removal, or other modification of text or other material, in a way that is humorous, nonsensical, offensive, humiliating, or otherwise degrading in nature
- Social Media accounts, Email Accounts, User Accounts, Cloud Accounts
- Point of Sale Systems/Software, Consumer Electronics/Home Appliances
- Network Equipment, Firmware, Operating Systems, Mobile Operating Systems
- Web Browsers and browser add-ons/plug-ins - Internet Explorer, Google Chrome, Firefox
- Communications Software - All remote access, file exchange (FTP clients), and messaging software clients including email clients and instant messaging/chat - Outlook Express, Gmail, File Sharing, Messenger & Online Chat
- Productivity Software - Word processing, database, spreadsheet, and all other office/end user productivity applications - MS Office, Photoshop, Adobe Acrobat
- Development Software - Application and web development software, programming software and APIs - Java, Adobe ColdFusion, JBoss Application Server
- Cloud Services/Applications - Anything-as-a-Service. This category also includes applications hosted on websites, web 2.0, HTML5 and ASP apps - Amazon Cloud Drive, iCloud, Evernote, Dropbox, CryptoCat, Pandora, Talkr
- Content Management Systems - Website management software and plugins - WordPress, Joomla, Datalife, vBulletin
- Data - Digital assets, including documents, records, database contents, intellectual property, credit card information, PII, account credentials - Electronic health records, source code, customer data, SMS messages
- Wireless Networks - Any wireless local area network (WLAN), usually providing a connection through an access point to the wider Internet
- Websites/Forums/Blogs - A public site for a company/business or any other entity. Frequently the target of defacements
Storage Device Examinations