Digital Forensics Disciplines
During an investigation, whether for insider misconduct, employee termination, or malicious attack, endpoint forensics is something you want to get right the first time. Rendition’s forensics experts are ready to tackle your most challenging investigations, even those involving the malicious use of antiforensics technologies.
Endpoint forensics can help the organization determine the scope of the attack, data accessed, and the intrusion vector (if applicable). Rather than guessing at what data was taken, with host-level forensics the organization can be sure – and react appropriately.
Endpoint forensics can also play a critical role in employee termination cases. Endpoint forensics can identify violations of employment contracts and cut a wrongful termination suit off (or discourage one from ever being filed).
Overall, endpoint forensics is about eliminating guesswork. Let Rendition help turn “we think” into “we know.”
Rendition Infosec has experience with a number of open source and commercial network forensics platforms and with analyzing network traffic in client environments. Network forensics can help identify insider threats, remote compromises, attackers who have breached the perimeter, and device misconfigurations.
Device and software inventory are #1 and #2 on the SANS 20 Critical Security Controls. Yet most organizations do not understand the devices and software in their networks. Network forensics can help organizations build these inventories or audit/augment existing inventories.
Network forensics also helps organizations scale endpoint forensics. Endpoint forensics, while very valuable, requires in-depth analysis and does not scale well to hundreds or thousands of endpoints. Network forensics helps businesses scale out their endpoint forensics capabilities.
Memory forensics recovers some of the most volatile data present in any forensics discipline. While endpoint forensics can tell the investigator what may have been running on a machine, memory forensics answers with ground truth. It’s like the difference between a hunter tracking an animal by looking at broken branches and having a video of the animal moving through the brush. Simply put, memory forensics answers questions that cannot be answered with any other forensic discipline and does so faster than most others.
Rendition is a leader in memory forensics investigations. Rendition’s founder is the co-author of an industry-leading course in memory forensics. Rendition’s founder is also the author of the only publicly released memory anti-forensics framework, a code base that has changed how investigators in the field look for signs of evidence tampering.
Even in organizations where other forensics disciplines are practiced, Rendition frequently finds that memory forensics investigations are neglected. However, we frequently find that when the memory component is added to the investigation, the gains are substantial. Let Rendition help you get better quality answers with less overhead in your investigations with our memory forensics capabilities.