Forensic Analysis

Forensic analysis is a critical component in the investigation and prosecution of criminal activity. Preserving forensic data provides evidence to prosecute an attacker or criminal, recover financial losses, and prevent similar attacks in the future.

But forensic analysis must be done right to be valuable. Simply opening files to look at their content may modify them, and thus make them useless as evidence. C5i's Forensic Analysis solution follows a strict methodology developed according to FBI and ISACA guidelines and standards and includes:

• Collection and preservation of evidence, ensuring that potential evidence is not altered or destroyed during the collection process
• Isolation and examination of computer and network hardware and software, ensuring that possible evidence is properly handled and protected from physical, mechanical, or electromagnetic damage
• Detailed analysis of computer hard drives, email files, removable drives, and security logs. This often includes recovery of data that was deleted or altered.
• Detailed analysis of web forums, chat rooms, blogs, bulletin boards, and other online communication forums.
• Ensuring that office operations are not affected during the examination and that no viruses or other problems are introduced into the client's system
• A chain of custody that is maintained throughout the investigation, which includes detailed forensic evidence logs
• Written analysis and presentation (including an attack timeline, if applicable) for prosecution and prevention of similar attacks

C5i has extensive experience performing computer security forensic analysis for both commercial and government clients. Our experts have experience with a wide variety of hardware and software as well as the use of forensically sound techniques and procedures.