In case of an information technology (IT) related crime or incident, digital forensics can help you and your organization identify what really happened. I perform digital forensics aligned with the German BSI standard "Leitfaden IT-Forensik" and the general approach of the SANS Institute. My services as a certified forensic analyst (SANS) include the following topics:

  • Computer forensics: Servers and clients, specialized only in Windows and Linux
  • Network forensics: Network components, network traffic capture, firewall events etc.
  • Application and database server forensics for Apache, nginx, MySQL, MSSQL etc.
  • Standard office core infrastructure components (like Active Directory, EVTX, Exchange etc.)

The usual goal of a digital forensic investigation is to answer the following questions:

  • What happened, what damage did it cause?
  • Where did it happen?
  • When did it happen?
  • How did it happen?
  • Who did it?
  • What can be done so that it does not happen again?

I follow this process, based on the BSI standard for digital forensics:

  • Strategic preparation
  • Operational preparation
  • Forensic data collection
  • Forensic investigation
  • Data analysis
  • Documentation

These services can be combined with malware analysis in case malicious files were detected during the forensic investigation.
During the forensic data acquisition I take special care that data integrity is guaranteed and that the resulting documentation can be used in court.

For more information, please contact me via the following contact form.