Synetis CSIRT specialists have been trained to intervene quickly if an information system has been compromised. The Forensic investigation is a key step and is especially necessary to try to understand how such an event could have occurred but also to have the most accurate analysis possible as to what attackers were able to do once they entered the IS itself.
The purpose of Forensic Analysis is to build a chronology of events from a few days before the date of the compromise to a few days after its detection. Knowing the vector of attack and the extent of the damage then makes it possible to more quickly target the remediation plan to be followed.
Whether it is a simple workstation or an entire IS, a recovery can only be carried out in complete security when all the elements linked to the compromise have been analyzed and identified.
“No Information System is infallible, finding the source of intrusion is paramount. » This is the golden rule on which Synetis built its Forensic service, and it is underpinned with this logic that Synetis has been carrying out, for years, fruitful investigations with its customers of all sizes.
The Forensic reactive approach of Synetis specialists helps to isolates the attack, and answers these questions:
- Who is/was behind the attack?
- What are the consequences?
- How did the attackers enter the IS? What vectors were used?
- What are the objectives?
- When did the infection start? How did/is the infection spread(ing)?
- Which systems are affected?
The Synetis Forensic teams are able to search for post-intrusion information concerning an attack that has affected a customer’s IS, to analyze an incident that has occurred in production. A (non-exhaustive) list of Forensic services that can be provided by Synetis specialists include:
- Providing assistance with the management of the security threat and incident. Providing expertise
- Detecting the scale of the infection
- Identifying the threat
- Creating the infection timeline
- Incident analysis, threat analysis, physical systems reviews and incident response
- Identifying entry points, vectors of infection
- Post-mortem analysis of the incident, threats and vulnerabilities
- Reverse Engineering and decompilation tools for static and dynamic analysis.
- Virtual machines for dynamic analysis
- Identifying Indicators of Compromise (IoC) and vulnerabilities
- Making comparisons with our IoC database or publicly available databases
- Identifying any Common Vulnerabilities and Exposures (CVEs) or zero-days used