
Forensic Analysis Personnel


M. J. Thompson Network Solutions forensic experts routinely coordinate with senior management, network administrators, and network security personnel.

Our forensic experts conduct imaging, forensic analysis, and documentation of pertinent details obtained from compromised servers and workstations.

The forensic examinations routinely document the following:

  • The method of intrusion;

  • Files uploaded by the unauthorized intruder;

  • Actions taken by the intruder to further compromise the machine by escalating to root or SYSTEM privileges;

  • Laterally compromised computers that were not detected by IDS sensors;

  • Direct evidence documenting which digital files were exfiltrated.

The exams routinely identify, dissect, and document extremely complex Trojans and backdoors that incorporate tunneling and encryption techniques. Under these circumstances, IDS sensors may be unable to identify which digital documents were previously exfiltrated from the compromised network, and the host-based forensic evidence is often the only record of what left.

These examinations require exceptional knowledge and a comprehensive understanding of computer forensics procedures and methodology.

Our forensic experts are required to be proficient in the following areas:

  • Analysis and interpretation of packet capture (PCAP) data retrieved from intrusion detection systems and sniffers;
  • Decoding malicious website links and payloads that have been obfuscated with JavaScript;
  • Deploying security vulnerability scanners such as Nessus;
  • An in-depth understanding of computer forensic investigative software;
  • File signature analysis (comparing a file's leading magic bytes against the type its extension claims) and md5sum comparisons against known-good and known-bad hash sets;
  • Retrieving Windows account password hashes from registry hive files (SAM and SYSTEM) and cracking them with rainbow tables;
  • Building a self-contained sandbox where malicious files can be safely detonated and interrogated;
  • Analyzing and interpreting information gleaned from registry monitors, file system monitors, process monitors, hex editors, and decompilers;
  • Presenting the findings in a report that can be easily comprehended by individuals with limited knowledge of computers and network technology.
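The file signature analysis and hash comparison listed above, as an added illustration (this is example code, not M. J. Thompson Network Solutions' tooling). It checks each file's leading magic bytes against the type its extension claims, computes md5 and sha256, compares the sha256 against a known-good baseline and the md5 against a known-bad set. The magic numbers are the standard published ones; the evidence files, the baseline, and the known-bad hashes are constructed inline for the demonstration (in a real engagement the baseline comes from a trusted build or gold image and the known-bad set from threat intelligence).

```python
"""File signature (magic-byte) analysis plus md5/sha256 comparison.

Added example; sample files, baseline and known-bad hashes are constructed.
"""
import hashlib
import os
import tempfile

# Leading bytes -> (type name, extensions that legitimately carry that type).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "PNG image", {".png"}),
    (b"\xff\xd8\xff", "JPEG image", {".jpg", ".jpeg"}),
    (b"%PDF-", "PDF document", {".pdf"}),
    (b"PK\x03\x04", "ZIP archive", {".zip", ".docx", ".xlsx", ".jar"}),
    (b"MZ", "Windows PE executable", {".exe", ".dll", ".sys", ".scr"}),
    (b"\x7fELF", "ELF executable", {""}),
    (b"GIF8", "GIF image", {".gif"}),
]


def identify(head: bytes):
    """Return (type name, expected extensions) for the leading bytes, or None."""
    for magic, name, exts in MAGIC:
        if head.startswith(magic):
            return name, exts
    return None


def hashes(path: str) -> dict:
    """md5 and sha256 of a file, read in chunks so large images are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def analyze_file(path: str, baseline: dict, known_bad: dict) -> dict:
    """Signature/extension check, baseline comparison, known-bad lookup."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    ident = identify(head)
    ext = os.path.splitext(path)[1].lower()
    name = os.path.basename(path)
    h = hashes(path)
    findings = []
    # Files with no registered signature (text, ini) are simply typed None.
    if ident is not None and ext not in ident[1]:
        findings.append(f"extension {ext or '(none)'} does not match {ident[0]}")
    if name in baseline:
        if baseline[name] != h["sha256"]:
            findings.append("hash differs from known-good baseline")
    else:
        findings.append("not in baseline")
    if h["md5"] in known_bad["md5"] or h["sha256"] in known_bad["sha256"]:
        findings.append("matches known-bad hash")
    return {"file": name, "type": ident[0] if ident else None, **h,
            "findings": findings}


def build_sample_case() -> dict:
    """Construct a small evidence directory and analyze it. Returns {name: result}."""
    report = b"%PDF-1.4\n%constructed sample\n%%EOF\n"
    config_orig = b"[service]\nport=8443\n"
    config_now = b"[service]\nport=8443\nupdate_url=http://203.0.113.5/u\n"  # modified
    dropper = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"constructed dropper"
    disguised = b"MZ" + b"\x00" * 30 + b"constructed PE renamed to .jpg"
    # Known-good baseline (sha256 of trusted copies) and known-bad md5 set,
    # both constructed here for the demonstration.
    baseline = {"report.pdf": hashlib.sha256(report).hexdigest(),
                "config.ini": hashlib.sha256(config_orig).hexdigest()}
    known_bad = {"md5": {hashlib.md5(dropper).hexdigest()}, "sha256": set()}
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("report.pdf", report), ("config.ini", config_now),
                           ("svchost32.exe", dropper), ("photo.jpg", disguised)]:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return {n: analyze_file(os.path.join(d, n), baseline, known_bad)
                for n in sorted(os.listdir(d))}


if __name__ == "__main__":
    for name, result in build_sample_case().items():
        print(f"{name:14} {result['type'] or '-':22} {result['md5']}  {result['findings']}")
```

The extension mismatch is the check that catches a PE dropped as `photo.jpg`; the baseline comparison catches a config file that was quietly edited; the known-bad lookup is only as good as the hash set, so a recompiled or padded variant will not match, which is why the signature and baseline checks run regardless.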