Scope of provided service.
V4ensics digital forensics service is an advanced information security service targeted to post-incident management of information-technology associated incidents.
Due to the nature of such incidents and their impact, the service is not purely technical but, in most cases, also addresses legal and regulatory issues.
To this end, this service helps v4ensics customers:
- realise the extent of an incident,
- determine the methods and means used by the associated adversary / culprit,
- assess the actual consequences of an incident,
- mitigate the impact of an incident from all aspects (organizational, cyber and legal),
- perform relevant legal actions
- implement measures to prevent similar future incidents from re-occurring.
The service aims to assist you in tackling incidents, which involve information technologies, by providing investigation of any given incident in a forensically sound manner and producing reports that can be utilized in a court of law or afront competent authorities, should it be needed, as well as assisting you in relevant legal procedures.
Digital forensics based on NIST1 is: “… the application of computer science and investigative procedures involving the examination of digital evidence – following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony”.
The above highlights that digital forensics is not a strictly cyber process. In today’s rapidly changing technological and legal environment organizations need to:
respond to incidents, which involve information technology
investigate the incidents to the needed extent
notify authorities, whether judicial (e.g., police) or administrative (e.g., competent data protection authorities)
notify other persons / entities affected by the incidents
protect their assets, whether tangible or not tangible
V4ensics digital forensics service aims to assist organizations address incidents, which involve information technologies, regardless of whether they are purely cyber (e.g. information security incidents) or concern cyber-assisted crimes, by providing investigation in a forensically sound manner.
Upon being notified by a potential customer V4ensics digital forensics team will:
listen to the customer.
request needed information.
assess the incident to be investigated.
assemble the proper team depending on the nature and the extent of the incident.
acquire digital evidence in a forensically sound manner.
triage the systems involved in the incident when needed.
analyse the acquired evidence.
conduct malware analysis, if needed.
produce threat intelligence.
produce a timeline that entails what occurred and how.
evaluate the extent and the type of the incident.
present the customer with a report that can be used, depending on the customer’s need, from the simple IT up to C-level executives or even in a court of law.
issue recommendations regarding things to be corrected to avoid future similar incidents (in case of information security incidents).
support the customer up to a court of law or a competent authority, should it be deemed necessary, by providing an expert witness testimony.
The service is provided in four plans. Depending on the investigation’s progress and findings and as the events unfold, a customer might request a plan upgrade (e.g., upon realization that an incident under investigation cannot be kept “inhouse” but needs to be communicated to the relevant authorities).
Basic Digital Forensics:
A digital forensics investigation is performed, which aims to uncover what occurred during an incident in order to assist an organization’s IT in:
- checking whether proper incident mitigation was performed.
- performing further mitigation actions, if needed.
- fixing “loopholes” associated with the incident, whether physical, technical or organizational.
The outcome of the service is an IT-oriented report, entailing, among others, a short timeline of events that comprise the incident, as well as problems that are associated with the incident.
Advanced Digital Forensics:
A thorough digital forensics investigation is performed, which aims to uncover what occurred during an incident and produce results that are actionable by all responsible entities of the organization.
The outcome of the service is a report, entailing, among others, a detailed timeline of events that comprise the incident, as well as problems that are associated with the incident and recommendations to address them.
The report can be utilized by various responsible entities within the organization and be presented to the organization’s C-Level executives.
Expert Digital Forensics:
A digital forensics investigation is performed, which aims to uncover what occurred during an incident and produce results that are actionable by all responsible entities of the organization as well as presentable to the corresponding authorities or to a court of law.
The outcome of the service is a report, entailing, among others, an exhaustive, to the extent possible, timeline of events that comprise the incident, as well as problems that are associated with the incident and recommendations to address them.
This level of service includes expert witness services to the extent that a member of V4ensics team, who was member of the investigative team, will:
- assist the organization in legal procedures relevant to the performed investigation, such as the personal data breach notification procedure, by providing relevant input where needed and when available.
- attend relevant legal proceedings, whether in a court of law or in any other context (e.g., “session” of a competent data protection authority), as an expert witness answering technical answers, proving expertise and supporting the produced investigative report where needed.
Security Incident / Data Breach Handling as a service:
Specialized service plan that consists of the services included in the premium forensics plan supplemented by continuous assistance in any required legal procedures (personal data breach notification, lawsuit, etc.) through provision of:
- Continuous legal and technical guidance, starting from initial digital evidence acquisition (e.g., for submitting personal data breach notification within 72 hours, as legally required by GDPR) up to performing of further legal actions (e.g., notification of data subjects), as well as up to incident closure, investigation and legal–wise.
- Any running legal or technical procedures (e.g., mitigation procedures) with further information produced during digital forensics analysis (when such information is available), which can be used to perform further technical actions (e.g., isolating/cleaning further malware infected machines) or to change the status of the legal actions (e.g., realizing that there is a personal data breach and performing relevant required actions).
In this level of service V4ensics, besides the digital forensics specialists that conduct the investigation, employs lawyers, which specialize in personal data legislation and/or electronic crimes.
V4ensics lawyers and digital forensics specialists work alongside, to produce the best possible outcome for V4ensics customers.