Digital forensics

This service covers the collection of the evidence needed to build an investigation case, the analysis of the evidence collected during an incident, and the presentation of the facts and analyses in a report. It can be combined with an incident response service.

Steps

The steps that make up our digital forensics service are listed below:

  1. Context retrieval.
  2. Data ingestion in our tools.
  3. Data analysis.
  4. Delivery of a first preliminary report.
  5. Writing of the final investigation report.
  6. Delivery of the final report.

Checkpoints

OS

  • Suspicious file writes/modifications.
  • Creation/modification of persistence mechanisms.
  • Antivirus detections.
  • Use/presence of attack tools.
  • Exploitation of public vulnerabilities.
  • Suspicious authentications or authentication attempts.
  • Suspicious command executions.
  • Process overuse.
  • Suspicious web browsing.
  • Suspicious cloud synchronization.
  • Receipt of suspicious emails.
  • Device connections.

Network activity

  • Contact with suspicious IP addresses/domains.
  • Uploads of large amounts of data.
  • Unconventional data transfers.
  • Suspicious incoming/outgoing traffic from a host.
  • Suspicious connections.
  • Traffic manipulation.

Contact

🕑 9:30 AM - 6:30 PM CET/CEST
📅 Monday - Friday
📞 +33 (0)1.88.333.725
📧 csirt@cogiceo.com
🔑 COGICEO CSIRT PGP key
Key ID 8031 61C4 3EAB F642
Fingerprint 434E 6D2B D789 82A8 DF25 D2C7 8031 61C4 3EAB F642