Data Breach Forensics
In-depth root cause discovery will help us to understand a breach’s impact on your organization. We will extract Indicators of Compromise (IoCs) for subsequent monitoring, detection, and threat hunting.
Court-Admissible Evidence and Expert Witness
We ensure the availability and guarantee the authenticity of data and information for law enforcement investigations. The evidence provided by our team is always admissible in court.
Our digital forensics experts have played a key role in a wide range of criminal cases involving a digital element. These include organized cybercrime, online money laundering schemes, cyberstalking, data breach litigation, digital extortion, ransomware hacking incidents, DDoS attacks, and more.
Mobile Forensics Services
A critical component of many forensic cases is extracting information and data from mobile devices. We can answer questions about phone calls, various chat messages, images, videos, and hidden stored artifacts. GPS geolocation data and EXIF metadata stored on mobile devices can provide significant forensic value as well.
Methods for collection and examination are constantly changing. Our New York-based computer forensics laboratory is an industry trendsetter in the methodologies used.
Memory Forensics Services
Advanced threat actors are using memory implants: malware that resides only in the memory of digital systems. This tactic avoids leaving artifacts of compromise on the computer’s hard disk drive. Many nation-state attacks leverage memory malware and covert operations to avoid detection. Our New York laboratory has developed a unique proprietary methodology to discover memory implants.
Network Forensics Services
Detecting malicious network traffic in intrusion detection systems and live network streams depends heavily on communication protocols. It involves decoding and extracting meaningful artifacts, metadata, and data. Network protocol forensics and automation of the process are done with MantOS, an operating system developed by the LIFARS team, which provides a comprehensive collection of proprietary and public domain tools.
The New York-based computer forensics laboratory developed methodologies to detect nation-state attacks in real time through network communication IoCs. Additionally, artificial intelligence and machine learning algorithms profile malicious network traffic.


01/20/2022 SecurityScorecard ALERT: CISA advisory – Prepare for data-wiping cyberattacks. Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.
01/11/2022 SecurityScorecard ALERT: CISA, FBI, and NSA Cybersecurity Advisory: Mitigating Russian State Sponsored Cyber Threat.
12/14/2021 SecurityScorecard ALERT iPhone Security Vulnerability: The iOS 15.2 update fixes 42 serious security vulnerabilities. Update as soon as possible before attackers strike. Update details: https://lifa.rs/iosupdatealert
12/13/2021 SecurityScorecard ALERT: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation. Upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
12/8/2021 SecurityScorecard SMS ALERT: SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 series appliances. A remote attacker could exploit these vulnerabilities to take control of an affected system.
12/3/2021 SecurityScorecard SMS ALERT TLP:WHITE: FBI and CISA warning: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk.
11/22/2021 SecurityScorecard SMS ALERT – FBI, CISA, and CGCYBER have reports of malicious cyber actors using exploits against CVE-2021-40539 to gain access to ManageEngine ADSelfService Plus.
11/19/2021 SecurityScorecard SMS ALERT TLP:WHITE – FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug. Zero-day vulnerability enables a remote attacker to upload a file to any location on the filesystem on an affected device: https://lifa.rs/fbiflashalert
11/16/2021 SecurityScorecard SMS ALERT: Chrome vulnerabilities have been discovered. Google has released Chrome version 96.0.4664.45. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Upgrade now.
11/14/2021 SecurityScorecard SMS ALERT FBI Update – A software misconfiguration temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails: https://lifa.rs/fbibreechupdate
11/13/2021 SecurityScorecard SMS ALERT: FBI Server hack. Beware of emails impersonating FBI warnings that your network was breached. Messages may come from: “[email protected]” Subject: “Urgent: Threat actor in systems.” Email IP address 153.31.119.142 (mx-east-ic.fbi.gov)