Forensic investigation

Synetis CERT experts are trained to intervene rapidly when an information system has been compromised. The forensic investigation is a key and necessary step: it seeks to understand how the event could have occurred and to establish, as precisely as possible, what the attackers were able to achieve within the IS itself.

Forensic analysis aims to build a chronology of events from a few days before the date of the compromise to a few days after its detection. Knowing the vector of attack and the extent of the damage will then make it possible to target the remediation plan more quickly.

Whether it is a simple workstation or an entire information system, a resumption of activity can only take place in complete security when all the elements linked to the compromise have been analysed and identified.

“No Information System is infallible; finding the source of intrusion is paramount.” It is on this rule that Synetis has built its post-incident investigation (Forensic) offer, and with this logic that it has for years been conducting fruitful investigations with its clients of all sizes.

The reactive Forensic approach of Synetis experts helps to isolate the attack and answers these questions:

  • Who’s attacking?
  • What are the consequences?
  • How did the attacker get into the IS? Which vectors were used?
  • What are the attacker’s objectives?
  • When did the infection start? How is it spreading?
  • Which systems are affected?

Synetis’ Forensic teams are able to search for post-intrusion evidence concerning an attack that has affected a customer’s IS and to analyze an incident that has occurred in production. Below is a non-exhaustive list of possible services for Forensic missions by Synetis experts:

  • Assistance in the management of the security threat and incident, provision of expertise
  • Detecting the extent of the infection
  • Threat Identification
  • Construction of the Infection Timeline
  • Incident analysis, threat analysis, physical system reviews and incident response
  • Identification of entry points, vectors of infection
  • Post-mortem analysis of the incident, threats and vulnerabilities
  • Use of Reverse Engineering and decompilation tools for static analysis
  • Use of virtual machines for dynamic analysis
  • Identification of IOCs and vulnerabilities
  • Comparison with our IOC base or publicly available bases
  • Identification of the VECs or 0-days used