Network Forensics
In response to the escalation of cyber-attacks, Computer Services Ltd has designed a Network Forensics Retainer Program specifically for emergency response in the event that forensic data collection and analysis are required. The subscription program includes remote evidence collection, investigation, analysis, and detailed forensic reporting.
CSL’s Network Forensics Services include:
- Network forensic response within two (2) business days of notification
- Network data collection of target system(s)
- Log forensics analysis including, but not limited to:
  - Indicators of compromise (attack vectors)
  - Time frames of intrusion events
  - Extent/impact of compromise
- Comprehensive Network Forensics Report
Our network forensics investigations include fourteen (14) key target data sources that are analyzed to collect and secure forensic evidence.
Purpose
The purpose of network forensic analysis is simple: it is typically used where network attacks are concerned. In many cases, it is used to monitor a network and proactively identify suspicious traffic or an impending attack. It is also used to collect evidence by analyzing network traffic data in order to identify the source of an attack.
A typical forensic analysis follows these steps:
- Identifying a security threat or attack.
- Collecting and preserving the evidence.
- Examining the data that has been gathered.
- Analyzing the collected data and drawing conclusions from it.
- Presenting the conclusions made.
- Responding to the incident to initiate a clean-up.