Copy Memory and Drives.
Whether it's a single-system compromise or an enterprise-wide intrusion, we help you recover from each incident while minimizing impact. We preserve, collect, analyze and process electronic evidence.
What does it do?
We analyze malware via a sandbox or live-mode analysis and isolate its unique characteristics, which we can then use to search for other infected hosts.
Packets Packets Packets.
The application-layer data contained in an internet traffic capture can be extracted. For example, email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on.
I see footsteps.
Network pcaps and host artifacts are used to generate a super timeline that is used to recreate the events that led to the initial compromise.