13 September 2019
Time is of the essence if your organisation is under some form of cyberattack, particularly if you have not got the correct tools or expertise on standby. For many organisations, confirming they have an incident that warrants investigation or understanding the nature of an incident, is often not straightforward. Commonly they do not have ready access to people with the right level of experience and skills, and they certainly don’t have a comprehensive suite of Incident Response forensic tools sitting on the shelf ready to deploy.
The First Responder Forensic Toolkit (FRFT), built using Encase - forensic, “The Gold Standard in Forensic Investigations”, enables an organisation to quickly start the incident response process without requiring in-house expertise. Within minutes our FRFT will allow you to react to a potential incident and start collecting the data necessary to complete an initial triage exercise, which is paramount in conducting an effective investigation during incident response.
In the event of a cyber security attack, a data breach, issues with a rogue employee or suspected fraud, use our FRFT to start collecting forensic data. A privileged computer user follows our simple instructions and the FRFT will then take care of the rest - eliminating the need to have a forensics expert travel to site. The FRFT will ensure that the collected data is encrypted and can therefore be securely transferred to our forensic analysts.
Once the data collection exercise has been completed by the toolkit, our forensics experts will provide detailed reporting on their analysis of the supplied data. Guided by the intelligence gained from the triage exercise using our FRFT, the next stages of the incident response process can be initiated.
The toolkit has been developed in accordance with the following incident response and investigation standards: ISO 27035-1, 27035-2, 27037, and 27043. This helps to ensure that any information collected with the toolkit is admissible in courts.
The toolkit will allow an organisation to perform in-depth forensic searches, collect evidence and complete 32 predefined key investigative tasks. Some FRFT common use examples being –
Note: The toolkit can perform a search for card numbers used by 12 major credit card providers.
These common use examples provide a simple snapshot of the capabilities and power of the FRFT. Click Here to view a detailed infographic we created on common use examples.
In summary, the First Responder Forensic Toolkit (FRFT) can be quickly deployed by customers in the event of an incident, as urgent action is usually required. If you are responsible for documenting and maintaining an incident response plan, then it may be worth scheduling a call with one of our consultants to discuss how our FRFT will allow you to quickly take control of an incident and ideally manage it to a positive conclusion. Contact Mike or Steve today to schedule a call.
Some very good information that caught our attention recently was a communication piece from the North American Electric Reliability Corporation (NERC), a not-for-profit regulatory body whose mission is to assure the effective and efficient reduction of risks, to the reliability and security of the North American power grid.
The communication piece is called Lessons Learned. It discusses a real-life example of how an organisation in the power sector was impacted as a result of a vulnerability in their firewall vendors web interface. A number of perimeter firewalls that served as the outer security layer went into reboot mode over a 10-hour period, and each reboot saw a firewall being offline for under five minutes causing a Denial of Service effect.
The article is worth a read and the last section entitled “Lessons Learned”, provides some good advice that is not power industry specific. A very short summary of the points in this section are:
Click Here to view the article.
Another one for the good guys!
We have frequently covered the topic of Business Email Compromise in our previous Newsflash editions. It was good to see an announcement this week that a law enforcement operation that ran over four months, led to the arrest of 74 people in the United States and 207 others in 8 overseas locations, for allegedly running a range of financial fraud schemes. Named Operation reWired, it also led to the recovery over $100m that was transferred by the fraudsters during some of their time in operation. Whilst this result is very positive, it is also un-nerving to read how sophisticated some of the scams used by this group were, knowing that they represent just a small percentage of a very active and somewhat ingenious global cybercriminal population.
Click Here to read the article.