Incident Response and Digital Forensics

Our Incident Response and Digital Forensics service focuses on identifying the root cause of the problem by conducting comprehensive digital forensic analysis. In addition to preventing future attacks, Eon IT Consultants also works with our customers to conduct forensic analysis that evaluates past security breaches, up to the identification of the root cause. We believe it’s very important to evaluate each incident and document its absolute root cause to make sure it doesn’t happen again. Incident response and handling procedures, including determination of the incident source and digital forensics investigations, are a few of the top services we offer to our customers.

Forensic artifacts can be lost simply by IT personnel cleaning compromised machines. Just because a virus or Trojan was detected does not mean that it was not successfully running undetected and exfiltrating data. Eon IT can provide full static and dynamic malware analysis, including sandbox analysis.

Advanced Persistent Threats (APTs) are the most common vector of malware infections. Attacks are highly customized towards the financial digital elements of today’s businesses. This threat exploits weaknesses in humans and technology. The biggest institutions and governments have been hacked, and it took them a longer time to detect it. These enemies behind the gate are much harder to control and track, since they use assigned privileges and roles to obtain information and exfiltrate it, but with our unique skillset we’re able to track and quarantine the threat.

This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools to help identify intruders, determine the extent to which the network has been compromised, and mitigate potential damages from the intrusion.

By properly investigating the root cause of every action, we can help organizations better document the corrective actions to ensure it doesn’t happen again and assure that no backdoor was planted by causing a short-term disruption.