Respond with Digital Forensics & Incident Response (DFIR) effectively to malware infection, hacker attack, fraud, data theft and other criminal or unwanted digital activities with the support of our highly skilled first responders and certified DFIR experts.
Professional Digital Forensics & Incident Response (DFIR)
Our specialized first responder team provides competent and dedicated support so you can respond fast to cyber security incidents. Our incident response service gives you direct access (upon request 24 h x 365 days) to our pool of experts and includes an initial workshop to ensure seamless collaboration.
To prepare for cyber security incidents, we offer incident response/digital forensic readiness assessments and incident response exercises (IREX) & trainings. Our DFIR experts support you in developing or optimizing your individual incident response process including use cases and the corresponding IR playbooks.
If your focus is on a comprehensive investigation of a cyber security incident, our DFIR team comes into play to examine data on digital devices like computers, mobile phones, memory sticks, etc. and to find answers to the questions: who did what, when, where and why (how).
Examples of incidents which may trigger IT forensic investigations are: Malware infection, hacker attacks, data theft, data leakage, fraud, mobbing, intentional deletion of data, possession and provision of digital media with illegal content, etc.
The digital forensic investigation needs to be carried out thoughtfully to avoid that potential legal evidence is irreversibly destroyed or will be rejected in court. IT forensic analyses may be very complex and depend on expert know-how, as well as specialized soft- and hardware, in order to be able to meet legal requirements. Thus, Oneconsult has highly qualified and certified DFIR experts and a well-equipped digital forensics lab.
Are you planning to implement a Security Operations Center (SOC) or would you like to optimize the performance of your current solution? Our DFIR consultants will support you in requirements analysis, design, evaluation, tendering and implementation.
CSIRT emergency contact (office hours):
- +41 43 377 22 90
- Experienced First responder team
- Certified DFIR experts
- Customized SLAs (incl. 24 h x 365 days)
- Pragmatic solutions
- Good practices
- Short reaction time
- Discretion guaranteed
- Court-proof methods and tools
- Level-appropriate communication
- Professional forensics lab
Trusted partner of companies, public administrations and authorities
Oneconsult’s first responder & DFIR expert team supports you in professionally carrying out incident response, forensic investigations, defining your organization-specific digital forensic process incl. use cases and training scenarios and in training various target groups (e.g. IT department, IT security team or CSIRT).
Of course, our incident response and/or IT forensics SLAs are tailored to your individual needs.
Next to individual trainings, we offer the following digital forensics & incident response services:
If business-relevant systems have been infected with malware (for example by a computer virus or a ransomware trojan like CryptoLocker) a fast and effective reaction is critical to take control of the incident. Our professional malware incident response team helps you to:
- Identify and isolate infected systems
- Determine the root cause / gateway of the infection
- Develop short-term measures to control the malware infection quickly and effectively
- Analyze the malware to better understand its behavior and capabilities
- Create an action plan to remove the malware, to avoid and be better prepared for future malware infections
A malware incident response project is usually made up of the following steps:
- Briefing / preparation
- Initial live analysis of the infected infrastructure
- Proposal of short-term measures to master the infection
- Data acquisition with forensic methods and tools
- Analysis of the malware and infected systems with specialized tools and techniques
- Documentation incl. action plan to remove the malware
- Presentation / discussion (optional)
Our customers benefit from a very short reaction time, pragmatic approach and our vast IT security knowhow (malware analysis, APT tests, incident response, client audits, reverse engineering, etc.).
Once an incident has happened that requires digital forensic investigation, a fast and effective reaction is of paramount importance.
Our IT forensic investigation services cover the following specializations:
- Computer forensics: Servers, clients (PCs and notebooks), peripheral devices
- Network forensics: Network components (routers, switches, firewalls, etc.)
- Mobile forensics: Smartphones, tablets, PDAs, cell phones
All digital forensic projects are conducted according to the following systematic process:
- Briefing / preparation
- Pick-up of devices (if applicable)
- Forensic data acquisition
- Data analysis
- Return of devices (if applicable)
- Presentation / discussion
We will provide detailed, reproducible forensic analysis and documentation which can be used in court and ensures absolute data integrity and a complete documentation.
IT forensic readiness (also known as digital forensic readiness) makes sure you are prepared for a digital forensic related incident by guidelines, procedures and further organizational and technical measures.
A digital forensics guideline describes the processes, roles and responsibilities, tools and measures to be prepared in case a digital investigation is required.
Usually the following steps are involved to develop a customized digital forensic readiness concept:
- Initial workshop: Definition of scope and requirements
- Document grinding and interviews
- Workshop: Definition of processes, roles and responsibilities, tools and measures (technical and conceptual)
- Write-up of draft digital forensics guideline
- Review of draft
Based on the digital forensics guideline, the following measures may have to be implemented:
- Tool selection
- Role-based forensic training of staff
- Set-up of digital forensics organization
- Implementation of required logging systems and functions
- Service agreements with third parties
Approach: Digital Forensics & Incident Response (DFIR)
Each of our DFIR projects starts with a kick-off meeting (briefing) to make sure we understand your specific requirements and expectations, agree on basic conditions and clarify open points.
Our DFIR experts hold ISO 27035 Lead Incident Manager, CERT-Certified Computer Security Incident Handler (CERT-CSIH), GIAC Network Forensic Analyst (GNFA), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analysts (GCFA), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE) and GIAC Reverse Engineering Malware (GREM) certifications and also often carry out complex digital forensics & incident response projects. Our clients appreciate our prompt, professional and discrete service. Oneconsult has conducted over 200 digital forensics & incident response projects and has disinfected and hardened thousands of hacked and malware-contaminated systems. We regularly conduct initial operations, incident response missions and digital forensic investigations of all sizes for law enforcement agencies, law firms, corporations and administrations.
For definitions of information and IT security terms please refer to our glossary.
Secure Software Development
The security of software should be one of the primary goals during software development. Security is needed in the whole development process, as defects arise on various levels of the application and are not only part of the program code. Defects may be found in: Architecture/design, application logic, program code, third-party libraries, deployment and configuration. For secure software development, guidelines should be established that contain important points as input and output validation.
In the OSSTMM (Open Source Security Testing Methodology Manual), a de-facto standard for security tests, a flaw is the least serious security hole in the respective risk categorization. It is an unknown factor in the system, which a tester could not identify with the available information within the given time frame (example: unexpected response from a router).
Black Hat (Test Type)
According to NIST SP 800-115, during a black hat test (or covert security test) the IT staff of the systems in scope are not informed about the tests (as opposed to a white hat test), but only upper management (or other relevant parties). This type of test is used for examining IT staff response to security incidents.
OWASP Mobile Top 10
The «OWASP Mobile Top 10» (version 2016) includes a list of the most critical vulnerabilities in mobile applications: Improper Platform Usage, Insecure Data Storage, Insecure Communication, Insecure Authentication, Insufficient Cryptography, Insecure Authorization, Poor Code Quality, Code Tampering, Reverse Engineering, Extraneous Functionality.
A penetration test is an intensive, technical, usually unprivileged security test with a high percentage of manual testing and verification. In some cases privileged tests may be carried out when access information becomes available during the project.