504ENSICS Labs services can be utilized by many different companies. We can help lawyers with a variety of cases through our digital forensics investigative capabilities. Companies required to ensure their networks are protected against a myriad of vulnerabilities can use 504ENSICS Labs to prevent a breach with penetration testing and network auditing. If your security it compromised, we can help with the clean up. Incident and malware analysis will investigate what was lost and how. We will even help shore up your defenses. Check out in greater detail our list of services. Please contact us at [email protected] if you have any questions about how we can work with you.
Digital Forensic Investigation
Whether for civil litigation or internal corporate investigation, the experienced 504ENSICS analysts can assist you with all of your investigative needs. Our expert practitioners have years of experience with cases involving contract disputes, employee theft, destruction of evidence, and more.
Further, we are researchers who often disseminate our Digital Forensics research at top conferences around the country. As a result of our active research, we develop tools and techniques that are used throughout the digital forensics community, including the free and open source Scalpel file carver, Registry Decoder for Windows registry analysis and Lime for Android memory acquisition. Being both practitioners and researchers uniquely qualifies 504ENSICS to serve all of your digital forensics needs including:
- Forensically sound evidence collection and preservation
- Forensic analysis of many types of digital devices including desktops, laptops, servers, mobile devices, printers, DVRs, etc.
- Investigative services for civil litigation, and internal corporate investigation involving IP theft, HR issues, fraud detection, etc.
- Conduct analysis to determine user activity, construct timelines of events, perform keyword search, recover deleted data, determine if evidence has been destroyed, authenticate documents and more
- Generate detailed reports
- Provide expert testimony
Network Security Audit / Penetration Testing
Malicious actors are constantly utilizing new attacks to compromise the security of your networks. In order to appropriately manage the risk of breach, you must have a firm understanding of your current security posture. The best way to acquire this understanding is to have experts employ the same tactics used by real attackers to try and infiltrate your networks. At 504ENSICS, our trained security analysts leverage cutting edge techniques to attempt to compromise network assets using our comprehensive testing methodology. Once we have discovered the avenues that attackers can use to gain unauthorized access, we work with you to plug the holes and then re-test to make sure the remediation steps taken were effective.
- Internal and external network testing
- Determine number and type of live network assets in specified scope
- Determine OS and service versions, patch levels, and security configuration of network assets
- Discover vulnerabilities present on hosts
- Exploit vulnerabilities (for penetration testing)
- Social engineering engagements
- Network attacks based on spoofed websites and phishing emails
- Physical attacks based on rogue access points and dropped USB and CD media
- Phone call attacks with spoofed numbers and identities
- Default client configuration assessments
- Test effectiveness of AV, HIDS/HIPS, DLP
- Determine default network access given to employees
- Test basic security configuration including patching, password policy, account privileges
- Suggest techniques for remediation
- Remediation verification
Even when taking the proper steps to defend your networks, breaches can still occur. After detecting an attack, containing it, and cleaning up the aftermath there are often many questions to be answered. What (if anything) was taken? Where did the attack originate? Were we specifically targeted? 504ENSICS security analysts have the skills required to perform thorough investigations of compromises, including artifacts on hard drives, in memory, and in network captures. Using these skills, we can often provide answers that can go a long way towards helping fend off future attacks, or be provided to law enforcement to aid in the pursuit of the attackers.
- Post-incident image acquisition of compromised assets
- Attempt to determine date, method, origin and extent of breach
- Discover what may have been exfiltrated
- Suggest remediation steps
Malware in common use today is extraordinarily complex. This complexity derives from the malware’s function: rootkit, botnet, keylogger, etc. as well as from the great lengths the authors go to in order to obscure that function. Obfuscation can be in the form of packers, code-level manipulations, detecting debuggers and sandboxes, and a nearly limitless number of other techniques. Two main types of analysis are typically used: static analysis which looks at the malicious binary (e.g., exe file) itself, and dynamic analysis which looks at the running malicious executable and its effect on the live system. Our security analysts leverage these techniques as well as other hybrid approaches to determine function and intent of malware, and report these results back to you.
- Determine the function of malicious code/programs
- Use a mix of static and dynamic analysis and reverse engineering
Custom Research and Development
We are well equipped to perform new research and associated development across many specialties in the computer security and digital forensics space. Our security researchers are constantly developing innovative tools and techniques to support digital forensics investigations, malware analysis, data recovery, penetration testing and more. Some of our recent efforts are differential analysis of malware in memory, reverse engineering the Spotlight search index, advanced Android memory forensics, and new file carving research. Take a look at our Computer Security and Digital Forensics Research for details.
We offer customized training at levels from beginner to advanced on techniques in digital forensics, general computer security, security awareness, and related disciplines.
Protecting sensitive data from threats both internal and external is a difficult problem because there are a number of ways to transfer such data, including email, printing, web-based uploads and others. Data Loss Prevention solutions attempt to limit the flow of sensitive data in an environment by restricting its movement. These DLP systems are difficult to correctly configure so that sensitive data is restricted while business needs can still be met. This often results in an overly permissive implementation policy, which puts sensitive data at risk. In this assessment, we attempt to discover sensitive data such as account numbers, PII, and credit card numbers, and transfer it using a number of methods, including:
- Mail server based email (Exchange)
- Web-based email
- File upload services
- Hardware: CD, DVD, USB
- Mobile device storage
- Mobile device network access
- FTP, SFTP
- Screen capture
The result of this assessment is a comprehensive report on what sensitive data was discovered, which methods of transfer were successful, which were unsuccessful, and for the unsuccessful methods, whether they were detected, or blocked.
Basically DLP is a fancy industry term that means that we try to stop insiders from (even accidentally) leaking sensitive information. This is accomplished by technical controls (e.g., preventing USB storage devices from being attached) and scanning. For scanning, what we do is run a search on a subset of the companies computers that looks for things like social security number, credit cards, etc. that should be not stored unencrypted.