Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Divorce, custody battles, and other
Win the most important battle of your life
Everything you need
Effective Expert Witness in Court
Evidence shows who is telling the truth
Subpoena power yields strong evidence
Digital evidence can build a strong defense
Go to court with compelling digital evidence
You probably either heard about Ransomware programs that encrypt user files and then ask to transfer money.
Michael Gough, a local “Malware Archeologist” published a blog post about using Splunk.
Michael’s technique relies on enabling File Auditing within the Advanced Auditing features of laterWindows operating systems for the directory of data that you want to monitor.
The author of the article was going to do the same on their test systems, but found that he could get a label file creation time using the data for Windows SYSMON. Sysmon is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. It turns out that ransomware is easy to find if you dial back your spam-filter/anti-virus/discretion and actually click on the links or unzip and run the attached scripts. Sysmon’s output is XML, so it’s relatively easy to parse.
You can read in more detail one example of how Splunk can be used to deal with extortionists here.
Save my name, email, and website in this browser for the next time I comment.
Δ
Speak to a Specialist Now
Get Help Now