Forensic Investigation and Incident Response

No organization is immune to cyber-attacks and data breaches. Downstreem has an experienced team ready to respond quickly to data breaches involving municipalities, governmental organizations, and the educational, health and finance sectors. From compromised email to malware that may have affected your organization, our experts have you covered using best-in-class technology and proprietary software.

Many breaches are about cash, and most attackers will take the least demanding route to get to the data they need. Another developing danger is in the health sector. Vulnerabilities increase with medical devices when data from pacemakers and other hardware is stored in the cloud.

When organizations rely on perimeter-security technology, they are often ill-equipped to protect their data from mobile devices, cloud services and social media. Mobile data does not respect traditional network boundaries and too many organizations see mobile security as a bolt-on solution to their perimeter-security strategy, rather than seeing it in terms of a fundamental shift in how enterprise data is shared and protected.

Understanding the cause of the data breach event is essential.

Why was the data breach initiated? Many breaches are attempts to steal data; however, just as many are accidents caused by employee negligence or process failures.

What tools were used to commit the data breach? Was it malware, hacking or access to a user’s login credentials?

When did the breach occur?


Downstreem for Forensic Investigation and Incident Response

Digital forensics is the most effective method to identify and interpret clues in a data breach. Downstreem provides a broad range of forensic services related to the collection, analysis and reporting of digital evidence in legal, criminal and regulatory investigations, including the recovery and analysis of mobile device data. We can also deliver expert witness testimony on forensic and security matters.

We provide investigative support in the following areas:

•    Fraud: insider trading, bribery, kickbacks, embezzlement
•    Theft: funds, inventory and intellectual property
•    IT Forensics: recovery of erased data, email analysis, mobile forensics

Downstreem begins each data breach investigation at the scene of the incident. Most IT departments can identify vital clues. Log files are key, as they show who accessed or modified files and from which IP address. Interviewing relevant employees can also uncover information about the breach. It is important to understand that the length of time to discover a breach can range from weeks to months, or even longer.

The aim of the investigation is to identify the suspects of the digital crime and to establish what data was stolen and the intention of the suspects. Downstreem utilizes industry-standard internet monitoring platforms to detect keywords and find evidence on servers globally. Data obtained from cyber channels is most effective when linked to physical evidence as additional proof. We ensure that no digital evidence is overlooked and assist at any stage of an investigation, regardless of the size or location of data sources.

Cyber and traditional crimes are commonly connected because the internet has enabled traditional crimes to take place remotely. Common examples include:

•    Unauthorized Access – Access to your computer or device without permission.

•    Malware – Viruses, trojans and spyware designed to monitor online activity and cause damage to the user’s computer.

•    Denial of Service Attacks – Computers or websites are flooded with data, causing them to overload and preventing them from functioning properly.

•    Email Fraud – Phishing attacks, email fraud and scams happen when criminals hack into the email servers of organizations and search through email accounts looking for sensitive information. They then send various fictitious emails from the hacked email account or a replicated email address, asking for transfers of funds into a nominated bank account.

•    Hacked Websites – Website and hosting platform attacks are on the rise. Spear phishing and social engineering methods are used to steal email account user data, including login credentials. Hackers then have total control over a website, its client list and data such as customer information, credit cards, addresses and IP addresses. Often hackers sell the data on the dark web or blackmail the client list.


Data Breach Prevention Best Practices

•    Determine the consequences of a data breach and be able to communicate these consequences to the proper parties. Also, determine who has access to the data and why.

•    Encourage reporting of a data breach, so that IT can immediately step in and start assessing the situation. Management should be kept informed as the investigation goes forward.

•    Know the regulatory requirements, so that you know what must be done in the event of a data breach.

•    Inform the proper authorities, including law enforcement, particularly if the breach could cause harm to a person or business.

•    Contact the insurance carrier.  

•    Business partners affected by the data breach should be called immediately.


•    Have a communication policy in place for informing customers and regulatory boards when a data breach occurs. 


Downstreem is ready to assist you at your convenience.

Call or email and we will respond within 24 hours.