Digital Forensic Services

When an incident occurs in the organization then the incident response team is responsible for taking action on the basis of risk prioritization. They may take the following decision as per organizations’ policy:

1. They may Mitigate the risk
2. They may Ignore the risk
3. They may Transfer the risk
4. They may Accept the risk

Incident response (IR) plans are designed to test your company’s ability to respond to a security incident. The ultimate goal is to handle the situation so that it limits the damage to the business while reducing recovery time and costs.

Approaches we follow for successful incident response

• Address business vulnerability and assign roles and responsibility
• Identify relevant business departments and get them involved
• Identify Key Performance Indicators(KPIs) to measure the event
• Testing of the plan
• Review the plan constantly
• Determine incident
• Team formation and lead by IR analyst
• Right tools implementation
• Establishment of communication strategy

Forensic as a service model aims to establish a cloud forensic investigative process, which can be implemented within a cloud ecosystem, integrated with tools that should ensure relevant information is gathered, verified, and stored in a manner that is forensically sound and legally defensible.

Forensic service would help to consider the company’s important sensitive information from getting exploited by unauthorized access.

Why forensic service

• Identify Critical information against the unauthorized user
• Refine critical information from destruct mobile devices
• Necessary legal action could be taken against unauthorized access

The goal of malware analysis is to gain an understanding of how a specific piece of malware functions so that defenses can be built to protect an organization’s network. There are two key questions that must be answered.

The first: how did this machine become infected with this piece of malware?

The second: what exactly does this malware do?

Countermeasures of malware

After a lot of malware analysis different approaches, we follow for malware defense

• Firewall System
• Web filtering system
• Intrusion/Prevention Detection System (IPS/IDS)
• Host-based Intrusion Prevention System(HIPS)

These technologies help to protect the sensitive information from getting exploited by malware.

E-mail has emerged as the most important application on the Internet for communication of messages, delivery of documents and carrying out of transactions and is used not only from computers but many other electronic gadgets like mobile phones etc. Pyramid Email forensic services offer a unique solution for email forensics on email messages attainable from disk or other storage; Our services include

• Process, search, review and analyze email and ESI in a forensically sound manner maintaining chain of
• Our unique approach and tool allow us to find out critical data, visualize relevant relationships, and drill down to the most pertinent data.
• Process and search multiple email sources, file types, and metadata. View results in a visual layout of your choice and export the documents of interest in a wide variety of file formats.
• Discover the history of a message and the identity of all involved entities.
• Investigate client or server computer suspected of being used or misused for e-mail forgery. It may involve inspection of Internet favourites, Cookies, History, Typed URL’s, Temporary Internet Files, Auto-completion Entries, Bookmarks, Contacts, Preferences, Cache, etc
• Skin tone detected, regular expression based search, bookmarking of potential evidence, email data classification, detailed reporting of investigation stages etc.
Our tools and approach for email forensic is based on industry best practices and landmarks which are completely scalable, focused, and flexible to accomplish the need of the client.

Pyramid cyber is a specialized digital forensic company offering industry best services in computer forensic and investigation which includes disk forensic, cloud forensic and other digital storage media forensic like USB devices, Firewire devices, CD, DVD, Flash drives, Floppy disks etc. Pyramid digital forensic team comprises of core technical and techno-legal background professional carrying years of experience and industry certification in the cyber forensic investigation, and have the experience to solve a variety of cases related to IPR theft, corporate policy violation, child pornography, terrorism, data theft, financial fraud and staking etc. We are using a standard tool to dig into deep of data maintaining chain of custody and standard guidelines. Tools we are using are Forensic Falcon, Access Data FTK, Magnet IEF, WestoneStegohunt etc. for a complete cycle of investigation and reporting.

Services:

• Imaging and authentication of digital evidence
• Data indexing, processing and keyword searching.
• Find every file on the computer system, including files that are encrypted, protected by passwords, hidden or deleted, but not yet overwritten
• Ensuring investigations preserved all the information on the computer system without changing or damaging it.
• Recover as much deleted information as possible using applications that can detect and retrieve deleted data.
• Reveal the contents of all hidden files with programs designed to detect the presence of hidden data.
• Decrypt and access protected files.
• Analyze special areas of the computer’s disks, including parts that are normally inaccessible. (In computer terms, unused space on a computer’s drive is called unallocated space. That space could contain files or parts of files that are relevant to the case.)
• Testify in court as an expert witness in computer forensics.

Cell phone forensic is quickly emerging field within the digital forensic, today’s mobile devices are getting smarter, cheaper and more easily available for common daily use. Courtrooms are relying more and more on the information inside a cell phone as vital evidence in cases of all types. Despite that, the practice of mobile phone forensics is still in its relative infancy. Given the pace at which mobile technology grows and the variety of complexities produced by today’s mobile data, forensics examiners Pyramid specialized cell phone forensic services offer a unique solution that best tackle cell phone analysis. Our approach to investigate cell phone is in three folds;

1. Seizure,
2. isolation, and
3. documentation

Which is further followed by?

• Achieve and maintain network isolation (Faraday bag, RF-shielded box, and/or RF-shielded room).
• Thoroughly document the device, noting all the information available. Using photography to support documentation.
• If a SIM card is in place, remove, read, and image the SIM card.
• Clone the SIM card.
• Physical/logical extraction of the cell device.
• Analyze/review/keyword search of parsed data from physical/logical extraction.
• Carve raw image for various file types or strings of data.
• Report of findings.

Network forensics is categorized as a single branch of digital forensics; it includes the areas of monitoring and analyzing computer network traffic and allows individuals to gather information, compile evidence, and/or detect intrusions.

Two systems are commonly used to collect network data; a brute force “catch it as you can” and a more intelligent “stop look listen” method.

• “Catch-it-as-you-can”
• All packets are captured
• Large storage needed
• Analysis in batch mode
• Usually at packet level
•    For later analysis
• “Stop, look and listen”
• Requires faster processor for incoming traffic
• Each analyzed in memory
• Certain ones are stored
• Usually at packet level
• Real-time filtering