Digital Forensics and Incident Response

Early detection and rapid investigation are critical to repelling attackers and responding to threats. But countless alerts, insufficient information, and a lack of visibility can keep you from doing these important things. This is where we come in. We offer continuous 24-hour monitoring of IT resources, covering both cyber security (threat intelligence and threat hunting) and rapid incident response (DFIR). We invite you to familiarize yourself with the SOC as a service offering provided by our Security Operations Center (SOC) team.
  • We offer specialized services in computer forensics, particularly as they relate to cyber security, meaning DFIR (Digital Forensics and Incident Response). We use highly specialized commercial equipment and tools to perform forensic analysis.
  • Our digital forensics lab, which carries out dozens of data acquisitions and extractions every month, is equipped with a range of professional, reputable software, including FTK (Forensic Toolkit) and X-Ways Forensics, which lets us find evidence by analyzing large numbers of documents.
  • Today, digital security is essentially a necessity for every company, and therefore the most important issue is speed of response. At the SOC, we use dynamic defense technologies to identify new types of threats that have never been seen before (unique samples used in targeted attacks).
  • Each new sample is automatically analyzed in a sandbox that observes its behavior to identify malicious techniques. Using products such as Splunk and ELK, all activity within the network is collected and behaviorally profiled.

Incident Response

The most important aspect of SOC / CERT services is the competence of the technical team, because it is the level of knowledge of the experts that determines the cyber security of the organization. In addition, the network is directly covered by IDS / NIDS (Network Intrusion Detection System) software, which detects attacks carried out on the local network. Malicious domains, IP addresses, and hashes (IOCs) are supplied by our CTI (Cyber Threat Intelligence) system, which receives this information in collaboration with other international incident response teams.

Threat Hunter

Threat hunting and threat intelligence have been established disciplines for more than a decade, and advanced APT attacks are tracked through IOCs. The ability to detect zero-day vulnerabilities (software vulnerabilities for which no security fix yet exists) is a hallmark of threat hunting.

Security Operations Center

Experts from the SOC (threat hunters) and the CERT team work continuously to build both defensive (blue team) and offensive (red team) cybersecurity capabilities, together with a professional digital forensics lab, so that they can act in a variety of situations. In the Security Operations Center, threat-hunting and rapid-response specialists are always responsible for mining the data held in our collection repositories.

Computer Security Incident Response Team

A team that responds to known incidents in emergencies can help organizations and institutions. Responding to an incident while a cyber attack is under way is critical, and forensics teams can be very helpful in the detailed investigation. For example, once ransomware has been deployed on an organization's systems, it usually takes only a short time to reach the Impact stage; if the digital forensics response team intervenes quickly, the organization can respond to the attack appropriately.

Malware Analysis

Malware analysis is one of the key elements of evidence collection and forensics. In this area, reverse engineering is used to defeat code-protection and anti-analysis methods, and behavioral and signature-based analysis identifies malicious files that have entered the system, so that appropriate action can be taken and data extraction can begin once the sample has been reverse engineered.
