KÜRT – Data Recovery and Information Security

Digital Forensic Examination

The number of computer-related abuses is rising alarmingly in both the private and the public sectors. Such attacks give rise to massive financial and reputational damage, and can even have a devastating effect on exceptionally stable global brands though to have an unshakeable financial background.

Investigating the circumstances of such attacks, and revealing the factors and systemic problems that facilitate them is in the fundamental interest of corporate managers, in the interest of avoiding further problems.

Our Digital Forensic Examination serves to detect crimes and abuses committed against IT systems in the course of their operation, or to reconstruct them after the event. For the purpose of our examination we use our market-leading data rescue, ethical hacking, log analysis and incident management methodologies. Our experts reconstruct the circumstances of the occurred incident chronologically and also provide evidence regarding the details of the events underlying the incident.

Our services are implemented in two basic modes in terms of the time and means of examining the incidents:

1. Online forensic examination – we identify the incident in the course of the usual, standard operation of the IT equipment:

  • examination of computer systems: e.g.  detecting the presence of rootkits, detecting abuses of access permissions, examination of harmful memory content, analysis of installed software applications, examination of databases, etc.
  • examination of network traffic: security screening of active tools in the network, the filtering, from network traffic, of incidents and ongoing attacks, etc.
  • other examinations requested by the client: detection, examination of an unknown system

2. Offline forensic examination – subsequent reconstruction of incidents based on authentic copies of the IT devices’ data storage media:

  • examination of computer systems: chronological reconstruction of incidents, recovery of lost data, detection of concealed data (steganography), etc.
  • examination of network traffic: retrospective identification of clues suggesting attacks, from the traffic generated and logged on the network devices
  • examination of mobile devices: inspection of the increasingly sophisticated handheld computers and smart phones, which may be also suitable for carrying out abuses
  • other examinations requested by the client: detection, examination of an unknown system

More information: forensics(at)kurt.hu

Printable version