What are Forensics & Analytics?
Forensics & Analytics are structured investigations that interpret and validate electronic data, and identify clear ‘incident trails’. They uncover evidence that can be used in legal proceedings or internally to improve information security.
Our Forensics & Analytics products
- Digital Forensics
- Digital Media Analytics
- Digital Resilience
- Governance, Risk Management & Compliance
- Vulnerability Scanning
1 – Identify
Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
2 – Protect
Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
3 – Detect
Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
4 – Respond
Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
5 – Recover
Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
Vendor Risk Manager (GRC)
The Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands.
- Rate and classify vendors using simple classification assessment
- Dynamically assign applicable controls based on vendor classification
- Automatically generate assessment questionnaire based on applicable controls
- Enforce different assessment requirements and frequencies by vendor criticality
- Delegate administration of vendor survey responders to vendor key contacts
- Enable ad-hoc delegation of assessment questions and streamline aggregation of responses
- Reduce vendor training and support requirements with an intuitive web-based assessment interface
- Measure and report compliance by vendor criticality, by region, or by business unit
- Provide a single repository for all vendor compliance and risk related documents, including policies and controls, evidence and supporting documents, exceptions and approvals, contracts and service agreements
- Collaborate with vendors on remediation of identified gaps and monitor resolution status
The RiskVision Vendor Risk Manager provides the scalability and flexibility to create a repeatable and sustainable vendor risk and compliance management program. Built on the RiskVision integrated Governance, Risk, and Compliance (GRC) platform, RiskVision Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands. With RiskVision, organizations can quickly measure current vendor risk against any standard, regulation or corporate policy, identify gaps, track remediation efforts, and confidently report on compliance. RiskVision Vendor Risk Manager dramatically reduces the time and cost associated with managing vendor risk programs while improving the ability to accurately calculate risk exposure and properly manage risks within acceptable tolerance levels. By centralizing data, automating manual activities and enabling continuous processes, companies can consistently apply controls, gain better visibility into vendor related risk, make more informed decisions, and demonstrate vendor compliance in real-time.
RiskVision Risk Manager is easy to use, deploy, and maintain so that organizations can quickly realize time to value. RiskVision enables a proactive and intelligent approach to vendor risk management by centrally managing vendor information, controls, risk, to easily map their existing vendor assessment processes. Once controls are tested, and view of vendor risk across the organization.
Centralization of data allows organizations to maintain a holistic view of their vendor risk assessment programs. RiskVision Vendor Risk Manager provides a central repository for all vendor contact details, contracts, risk, and compliance related information. Frameworks, controls, risk, evidence, and results are stored on a single searchable platform to provide current and up-to-date vendor information to company stakeholders.
NetClean provides intelligence solutions to detect, block and analyse digital media to create a safer society.
ProActive can detect child sexual abuse material on everything from USB flash drives and hard disks to email and Internet traffic.
It is designed specifically to find child pornography on computers in the workplace.
NetClean is the leading developer of technical solutions to fight child sexual abuse material. Its solutions are being used worldwide by multinational companies, government agencies, internet service providers, and law enforcement professionals.
- Uses only police identified child pornography images, no false positives.
- Can be Network and/or Endpoint solution.
- Agent is compatible with Microsoft Windows, Linux and Mac OS X
- Can block and/or issue an alert in the event of an incident
- Handles both real-time scans and scheduled scans
- Configuration control via the NetClean Management Server
- Automatic updates
- No end-user interaction
- Network Agent is easily integrated with your proxy server via ICAP and conducts real-time scans in HTTP traffic in search of illicit images and video files.
- Can block and/or issue an alert in the event of an incident
- Appliance is a hardware agent that conducts real-time searches in network traffic in order to identify illicit images and video files but without compromising performance or causing delays.
- Can block and/or issue an alert in the event of an incident
- Handles unencrypted TCP- and UDP-based network protocols
- Supports network speeds of up to 1 Gb/s
- Supports installation inline or as a network tap
- Built-in hardware redundancy
- Configuration and control via the NetClean Management Server
- Schedule large audits of computers, network shares, and data repositories on or off the network.
- Locate and collect key documents for analysis.
- Apply a wide array of complex visualization, data analytics, and document review tools to quickly identify and produce key documents and prepare for a case.
With an integrated, end-to-end platform covering every phase of e-discovery, corporate teams can efficiently and seamlessly conduct enterprise-wide search, targeted collection, systemized preservation, litigation hold, processing, data assessment and complete legal review, providing the reliability, predictability and efficiency required to enable your team to:
- Mitigate Corporate Risk. Limit handoffs between vendors and technologies with a single, secure end-to-end solution and protect against spoliation, data loss and theft.
- Ensure Compliance. Make sure data preservation needs are systematic and defensible in accordance with US and international preservation requirements for litigation, and governmental regulatory requirements.
- Improve Response Efficiency. Rapidly access, capture and analyze information across a broad range of repositories and targets by leveraging mature and broadly adopted, forensic grade technology.
- Lower Overall Cost. Process all potentially relevant information, structured and unstructured, inside and outside the enterprise with a single integrated solution.
AD eDiscovery® finds and collects needed data from the broadest range of structured and unstructured data sources of any single platform on the market. Using user-friendly, workflow-driven templates, AD eDiscovery performs “agentless” collections from:
- Microsoft® Office 365 (email & calendar)
- Google Drive
- Gmail™ corporate/administrator
- Microsoft® Exchange 2003/2007/2010/2013
- Microsoft SharePoint® 2003/2007/2010/2013
- Oracle® URM
- Druva
- CMIS (Any data source that uses the CMIS standard)
- IBM® Domino®
- Cloud, web-based email (IMAP & POP)
- Symantec® Enterprise Vault™ (journal/archive/files)
- EMC® Documentum®
- Xerox® DocuShare®
- FileNet® repositories
- Livelink® (OpenText®) repositories
- WebCrawler (Web 1.0)
Digital Media Analysation (FTK)
The database-driven, enterprise-class architecture of Forensic Tool Kit (FTK) allows you to handle massive data sets, as it provides stability and processing speeds not possible with other tools. It provides built-in data visualization and explicit image detection technology to quickly discern and report the most relevant material in your investigation. FTK’s interoperability with all of AccessData’s solutions allows you to correlate massive data sets from different sources, such as computer hard drives, mobile devices, network data, internet storage and more. This capability makes FTK the only digital investigation solution capable of reducing case investigative times by allowing you to review data and identify relevant evidence, all in one centralized location.
Forensic Tool Kit (FTK) is a court-cited digital investigations platform built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so filtering and searching is faster than with any other product. This means you can “zero-in” on the relevant evidence quickly, dramatically increasing your analysis speed. Furthermore, because of its architecture, FTK can be set up for distributed processing and incorporate web-based case management and collaborative analysis.
FTK is an award-winning, court-cited digital investigations solution built for speed, stability and ease of use. It quickly locates evidence and forensically collects and analyzes any digital device or system producing, transmitting or storing data by using a single application from multiple devices. Known for its intuitive interface, email analysis, customizable data views, processing speeds and stability, FTK also lays the framework so your solution can grow with your organization’s needs for a smooth expansion.
Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
The process for performing digital forensics comprises the following basic phases:
- Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.
- Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.
- Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
- Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.
Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data into court. Forensic tools and techniques are most often thought of in the context of criminal investigations and computer security incident handling, used to respond to an event by investigating suspect systems, gathering and preserving evidence, reconstructing events, and assessing the current state of an event.
During a forensic investigation Cognosec will identify potential data sources and acquire the data from those sources. Data acquisition will be performed using a three-step process:
- developing a plan to acquire the data
- acquiring the data
- verifying the integrity of the acquired data
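The acquire and verify steps can be illustrated with a short added example; it is not Cognosec's tooling or code from any product named on this page. It assumes SHA-256 as the integrity hash, uses hypothetical names (`acquire`, `verify`, `ITEM-001`, `examiner-a`), and substitutes a constructed in-memory stream for a real device so it runs offline.

```python
import hashlib, io, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sits in memory

def sha256_of(path):
    """Hash a file on disk in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image_path, examiner, label):
    """Copy a binary stream to image_path, hashing the bytes as they are read."""
    h, size = hashlib.sha256(), 0
    with open(image_path, "xb") as out:  # "x": never overwrite an existing image
        for block in iter(lambda: source.read(CHUNK), b""):
            h.update(block)
            out.write(block)
            size += len(block)
    os.chmod(image_path, 0o444)  # working copy is read-only from here on
    # Custody record: who acquired what, when, and the hash to verify against.
    return {"label": label, "examiner": examiner, "image": image_path,
            "bytes": size, "sha256": h.hexdigest(),
            "acquired_utc": datetime.now(timezone.utc).isoformat()}

def verify(record):
    """Re-hash the stored image and compare it with the acquisition record."""
    return (os.path.getsize(record["image"]) == record["bytes"]
            and sha256_of(record["image"]) == record["sha256"])

def demo():
    workdir = tempfile.mkdtemp()
    # Constructed sample data standing in for the evidence source.
    source = io.BytesIO(b"constructed sample evidence\n" * 1000)
    rec = acquire(source, os.path.join(workdir, "item-001.img"),
                  examiner="examiner-a", label="ITEM-001")
    ok_after_acquisition = verify(rec)
    # Simulate a later one-byte alteration of the image to show it is detected.
    os.chmod(rec["image"], 0o644)
    with open(rec["image"], "r+b") as f:
        f.seek(10)
        f.write(b"X")
    return rec, ok_after_acquisition, verify(rec)

if __name__ == "__main__":
    rec, before, after = demo()
    print(json.dumps(rec, indent=2))
    print("verified after acquisition:", before, "| after alteration:", after)
```

Hashing during the read, rather than hashing the finished image, ties the recorded digest to the bytes that came off the source, so a faulty write is caught by the first verification.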
After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. Once the relevant information has been extracted, Cognosec will study and analyze the data to draw conclusions from it and then prepare and present the information resulting from the analysis phase.