If you have any questions or comments regarding the services we provide, or for any other inquiries, please click on the button below located on the right hand side. Fill out the form and one of our representatives will contact you within the next business day.
Digital Wyzdom is pioneering “Cyber CSI,” or Incident Reconstruction Services. Cyber CSI investigates a number of incidents, including: corporate espionage, malware, amateur hacking, and fraud—the entire gamut of digital mis-deeds.
And like traditional CSI, the basic principle of forensics still applies: everything leaves a trace. Cyber CSI is the cutting-edge of information technology forensics.
The nature of computers, software, and global networks is getting more and complicated, making ever more opportunities for criminals and leaving organizations vulnerable. Security breaches and attacks, however, are progressing in lock-step with complicated technology.
Further, police resources globally are strained; there simply are not enough investigators. Unlike in the physical world, you first have to find the crook in cyberspace. For the most part, the burden of investigation for breaches, attacks, malware, and fraud falls to organizations themselves. For this reason, “In cyberspace, crime often does pay—and pay handsomely.” The spoils of cyber attacks are not always money. Increasingly, the object of desire is information such as intellectually property, competitive intelligence, and classified information.
Each year, there are thousands of reported security breaches; thousands more are either not reported—or not discovered, until it is too late. The risks are real and no organization is immune.
RE-CREATING INCIDENTS IN THE LAB
In certain circumstances, it is extremely helpful to re-create the events of a crime, in the sequence that they occurred in, in a controlled digital forensic lab. Digital Wyzdom now offers Cyber CSI services. Just like with traditional crime scene investigations, Cyber CSI leverages the old adage “think like a criminal” to get to the heart of an incident. Cyber CSI tells forensic IT investigators what a so-called Trojan Horse or a “back door” actually does and how it behaves.
Who did what, when, and why? What were the intended consequences? What were the unintended consequences? Who benefitted? And what can be documented and proven in a court of law? Equally important, how does an intrusion or malware, for example, affect the clients’ computers, data, and IT infrastructure? Although the number of IT forensic tools is steadily increasing, there is little in the way of automated forensic detection software. To get to the bottom of incidents, you need seasoned, detail-oriented forensic experts who know what they are looking for, like the forensic investigators at Digital Wyzdom.
Because crooks and criminals are getting more and more sophisticated when conducting cyber attacks on organizations, a whole new industry has been born: anti-forensics. Anti-forensics was first noted as a legitimate field of study around 2005. Whereas the purpose of forensics is to uncover the details of a crime, the purpose of anti-forensics is to make it hard for forensic investigators to find criminals—and impossible for them to prove they found the criminals who perpetrated your breach or crime.
Anti-forensics methods are often broken down into several sub-categories to make classification of the various tools and techniques simpler. They include: data corruption, data obfuscation, data hiding (such as steganography and encryption), evidence wiping, file packers or “wrappers,” and advanced or blended threats. Attacks against forensic tools themselves are called counterforensics.
For these reasons, anti-forensics is a forethought, not an afterthought at Digital Wyzdom.