 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
Incident Handling & IT Forensics The investigation of potential computer crime cases within the company poses problems to most organizations since the overall technical, organizational and legal conditions are anything else but trivial. No matter whether the attacks come from within or outside the organization, after a short time those responsible often find that they have done many things the wrong way, that important traces were destroyed during the investigation or that utilization of found traces for legal purposes is no longer possible because of errors in the process. The technical methods commonly used in IT forensics so far contribute to the problems. Previously investigators have mainly concentrated on duplicating the hard drives of the affected PCs or servers using “dead analysis” and searching them for traces. The increasing use of hard disk encryption but also advanced attack methods leaving no traces on hard drives is an argument against this procedure. We therefore not only offer the dead analysis method but also the very new area of live analysis. Live analysis deals with the collection and analysis of volatile data from main memory without having to put important systems out of operation. The focus in this analysis is on the identification of malware (worms, trojans), code injection attacks or kernel root kits and extraction of data directly from memory (images, documents etc.). You can find our training in IT forensics here. Scope of themes: |
 |