Ethical Hacking
You may be experiencing data loss, or your employees seem to be getting too many viruses. You might be in an extremely competitive industry and want to ensure your data and trade secrets are well protected. Perhaps in the past month your Internet provider has contacted you a couple of times to tell you that one or more of your internal IPs continually have a few hundred sessions open and are mostly sending large amounts of company data one way to an undisclosed host, or just sending packets of gibberish to congest traffic flow, and the ISP is threatening to shut down your connection unless you clean it up. Having heard about all the potential risks in "cyberspace," you may want to have your network (and/or non-network devices) checked for vulnerabilities just to be cautious and as well protected as possible. You may not know when an employee is communicating with an online acquaintance who is committing romance or confidence fraud, which can be a liability for your company.
According to the most recent FBI Internet Crime Report, which is based on information from the Internet Crime Complaint Center, trending scams in 2023 such as BEC (Business Email Compromise), ransomware, tech support fraud, and extortion totaled 800,418 complaints, with reported business losses in excess of $12.5 billion.
Digital Forensic Investigation
Who outsources digital forensic investigation services? Local authorities and law enforcement agencies that don't have their own digital forensic investigative divisions or equipment, as well as organizations, businesses and attorneys. Here are a couple of general examples:
Computer / Network (general business owner/board of directors example)
Your business may have a pending or potential legal issue, and your attorney has requested that you get authentic forensic images of selected PCs or devices of users in your company who may be associated with the issue, so that counsel can keep the studies on file in case they are needed at a later date. We can take legal forensic images of the PCs and prepare the necessary documentation for you to submit to your attorney.
Computer / Network (defense attorney example)
You’re working on a case where a PC forensic investigation was performed by the state due to a complaint about a user changing information on a municipal/district/school server to benefit himself or someone in his family. This led to process/legal action by the state. The testimony/reports submitted by the technology director of the municipality/district/school include video surveillance footage of the user entering his office at a certain time and leaving his office some time later. They also show that the information on the server was changed during the time the user was in the office, and that the user’s PC, static LAN IP address and username were registered on the server for the entire time he was in the office. It may seem like the prosecuting attorney, state and technology director have your guy pretty much “tied up.”
But why rely on their side’s investigation? We would recommend doing your own investigation to try to uncover additional evidence that may turn the case around. At the very least we can review, diagnose, check authentication, and look for inconsistencies in the forensic studies performed by the state and in the testimony/reports prepared by the tech director. For example, after gleaning all the LAN IPs logged onto the server that day, we may ask you to get permission for us to pull a report from the firewall/gateway on the network and check all the originating static IPs that were active at the exact time the changes were made on the server, rather than accept that the changes were made sometime within the broad range of time the user was in his office.
It turns out that the technology director’s computer was the originating static IP that made the changes: the same static IP opened a remote desktop session on the user’s computer (to make it look like the user was changing the information on the server) approximately 30 seconds before the changes were made, and then closed the remote desktop session approximately 30 seconds after the changes were made on the server. Got ya!!
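The firewall correlation described in this example can be sketched in a few lines of Python; this is an added illustration, not a tool or report format from the original page. The CSV layout, IP addresses and timestamps are constructed, and it assumes the gateway records sessions between LAN hosts.

```python
import csv
import io
from datetime import datetime

# Constructed sample export; column names and addresses are assumptions,
# not the format of any particular firewall product.
SAMPLE_LOG = """start,end,src_ip,dst_ip,dst_port
2024-03-04T09:02:11,2024-03-04T11:47:30,10.0.0.23,10.0.0.5,445
2024-03-04T10:14:31,2024-03-04T10:15:33,10.0.0.8,10.0.0.23,3389
2024-03-04T10:00:00,2024-03-04T10:05:00,10.0.0.41,10.0.0.5,445
2024-03-04T08:30:00,2024-03-04T08:40:00,10.0.0.8,10.0.0.23,3389
"""

RDP_PORT = 3389  # default Remote Desktop port


def parse_sessions(text):
    """Parse the CSV export into dicts with datetime start/end fields."""
    sessions = []
    for row in csv.DictReader(io.StringIO(text)):
        row["start"] = datetime.fromisoformat(row["start"])
        row["end"] = datetime.fromisoformat(row["end"])
        row["dst_port"] = int(row["dst_port"])
        sessions.append(row)
    return sessions


def active_at(sessions, moment):
    """Sessions open at the exact moment, not merely sometime that day."""
    return [s for s in sessions if s["start"] <= moment <= s["end"]]


def trace_origin(sessions, server_ip, change_time):
    """Map each host connected to the server at change_time to the hosts
    that held a remote desktop session into it at that same instant."""
    live = active_at(sessions, change_time)
    result = {}
    for s in live:
        if s["dst_ip"] != server_ip:
            continue
        inbound = [r["src_ip"] for r in live
                   if r["dst_ip"] == s["src_ip"] and r["dst_port"] == RDP_PORT]
        result[s["src_ip"]] = sorted(set(inbound))
    return result


if __name__ == "__main__":
    change = datetime.fromisoformat("2024-03-04T10:15:02")
    sessions = parse_sessions(SAMPLE_LOG)
    for client, controllers in trace_origin(sessions, "10.0.0.5", change).items():
        print(client, "remotely controlled from:", controllers or "nobody")
```

A non-empty list for the accused user's address means the server-side log alone cannot attribute the change to the person sitting at that PC; the finding still needs to be confirmed against the endpoint's own logon records.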