For several years, Defense Point Security staff have been directly responsible for engineering and providing computer forensics and digital media analysis services to protect large federal agency customers.
DPS specializes in a type of computer forensics known as Digital Media Analysis (DMA), which can and should precede the traditional search-and-seizure approach. Management and incident responders need timely information to triage an incident: to determine whether a security incident has even occurred, whether user workstations should be confiscated for weeks, and so on. In reality, only a very small number of computer security incidents are ever prosecuted in a US court of law, where evidentiary value becomes important.
Responding to an incident by resorting first and exclusively to search-and-seizure forensics, without adequate data to support that decision, can lead to a costly investigation that is slow to yield useful information and may result in embarrassment and a loss of trust.
Having a DMA engineer look at your network is like seeing a doctor when you are sick. The DMA engineer gathers the data, analyzes and tests it, and delivers a diagnosis. The results tell you who infected you, what happened, where and when it took place, and why you were infected.
To assist us in our DMA capability, we rely upon proven industry best-practices and established guidelines, including computer forensics resources offered by the National Institute of Standards and Technology (NIST) such as the National Software Reference Library (NSRL), the Computer Forensics Tool Testing (CFTT), and the Computer Forensic Reference Data Sets (CFReDS).
Our DMA engineers pride themselves on the extensive experience and expertise they bring to conducting a thorough computer forensics investigation.
- PLATFORMS — Extensive experience across numerous platforms, including Windows, Linux, and Unix hosts.
- TECHNIQUES — Proven processes for varying types of analysis to quickly determine the cause and scope of an attack.
- TOOLS — Use of both open source and commercial tools.
- Cost savings
- Attribution and determining cause
- Reconstruction of attacks across the network and at the host level
- Verification rather than a best guess
- Strengthened detection and analysis capability
- Identification of new attack vectors