One of the most common forms of computer crime involves outside access of network resources by an entity that has no authority to do so, usually termed â€œhackingâ€. This form of computer crime can also include unauthorised internal access of corporate network resources.
Disklabs provides its client base with access to a team of highly skilled network forensics analysts, working tightly to ACPO (Association of Chief Police Officers) guidelines. Â The team has access to a range of specialised network forensics technologies, which allow them to monitor, capture and analyse network data in real-time. Disklabs operates a Â forensically clean analysis laboratory, which guarantees the integrity of forensics data, ensuring that our forensics results and findings are accurate and dependable.
Disklabs network forensics analysts are trained in both primary network forensics methodologies, both “catch it as you can” and “stop, look and listen” techniques.
The “CatchÂ it as you can” method captures all network traffic which is passing through a particular point of the network. Â This requires large amounts of digital data storage andÂ is theÂ slower approach.
The “stop, look and listen” techniqueÂ involvesÂ interrogating each packet in memory and only saving relevant data. Â It requires faster data processing capacity but less digital storage.
Before any network forensics can take place a quantity of network traffic will need to be captured. Specialist â€œpacket sniffer” software Â is used to collect raw network data. Â This is used alongside any existing access logs to form the basis of the network forensics investigation.
Once this data has been collected a technique known as â€œsessioningâ€ is performed using a protocol analysis tool. This allows the network forensics technician to identify all network activity between selected network start and end points. These types of tools will often contain some form of graphical representation of network activity within the session.
Once the raw network data has been processed using protocol analysis tools the technician is able to visibly interrogate network activity, allowing them to;
â€¢ Track down the source of the unauthorised access.
â€¢ Discern the scope of the activity performed during the period of access
â€¢ Determine the possible dangers of the unauthorisedÂ breach.
Disklabs network forensics services are used as both an investigatory and preemptive tool. Â Our team can support both criminalÂ and civil investigations or be used by corporations who need to determine areas of weakness.
To arrange a confidential discussion simply callÂ +44(0)1827 50000 today or use our contact form.