Forensics & Analytics

What are Forensics & Analytics?

Forensics & Analytics are structured investigations that interpret and validate electronic data, and identify clear ‘incident trails’. They uncover evidence that can be used in legal proceedings or internally to improve information security.

 

Our Forensics & Analytics products

  • Digital Forensics
  • Digital Media Analytics
  • Digital Resilience
  • e-Discovery
  • Governance, Risk Management & Compliance
  • Vulnerability Scanning

5 – Recover

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Products

Governance, Risk & Compliance (GRC)

GRC is a discipline that aims to synchronize information and activity across governance, risk management and compliance in order to operate more efficiently, enable effective information sharing, more effectively report activities and avoid wasteful overlaps.

R-SAM

Features

Let’s keep this simple: Take whatever GRC use case you want, we don’t dictate what you can and can’t do. Start with our baseline configurations to get your solution up and running fast. Use drag-and-drop, self-serve tools that let users enhance these configurations to best meet their requirements.

  • Audit Management
  • Policy Management
  • Business Continuity
  • Regulatory Change
  • Compliance
  • Enterprise Risk Management
  • Exception Management
  • Incident management
  • Vendor Risk Management

Description

Built for Change

Most GRC platforms are outdated before they’re fully implemented. That’s because vendors usually ask for all requirements upfront and hardwire dependencies during the initial design. Not Rsam. Our platform can adapt to any change you throw its way. Your modules all draw from a single, centralized repository built in a relational architecture. That means you can make changes without fear of breaking dependencies.

Demonstrate Value Quickly

Deploy an out-of-the-box, turnkey baseline configuration that addresses your most urgent use case within 30 days and iterate from there. With Rsam, you can also easily customize the baseline to meet your own unique needs. Iterate each step of the way until you reach 100% of your requirements. This keeps your implementation manageable and moving forward.

Puts Control in Your Hands

Your GRC program is unique to your organization – and Rsam thinks it should stay that way. We give you control over what modules you want to implement and in what order. There is no custom coding or expensive rework if you change your mind. Rsam’s relational architecture leverages a central database so you can build new use cases at your own speed. You save time, resources and money.

Specification

Rsam can help you transform GRC from ugly to elegant in 30 days. We keep it simple. Start with your highest priority modules. Add on as you go with a spectrum of modules to meet the most demanding requirements. Whether you need to build an integrated Security Incident Response Platform (SIRP) or get a better handle on your Vulnerabilities, Rsam can help. Rsam’s modules facilitate proactive measures and controls to fill gaps, with comprehensive workflows that trigger fast response.

RiskVision

The Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands.

Features

  • Rate and classify vendors using simple classification assessment
  • Dynamically assign applicable controls based on vendor classification
  • Automatically generate assessment questionnaire based on applicable controls
  • Enforce different assessment requirements and frequencies by vendor criticality
  • Delegate administration of vendor survey responders to vendor key contacts
  • Enable ad-hoc delegation of assessment questions and streamline aggregation of responses
  • Reduce vendor training and support requirements with intuitive web based assessment interface
  • Measure and report compliance by vendor criticality, by region, or by business unit
  • Provide a single repository for all vendor compliance and risk related documents, including policy and control, evidence and supporting document, exceptions and approvals, contracts and service agreements
  • Collaborate with vendors on remediation of identified gaps and monitor resolution status

Description

The RiskVision Vendor Risk Manager provides the scalability and flexibility to create a repeatable and sustainable vendor risk and compliance management program. Built on the RiskVision integrated Governance, Risk, and Compliance (GRC) platform, RiskVision Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands. With RiskVision, organizations can quickly measure current vendor risk against any standard, regulation or corporate policy, identify gaps, track remediation efforts, and confidently report on compliance. RiskVision Vendor Risk Manager dramatically reduces the time and cost associated with managing vendor risk programs while improving the ability to accurately calculate risk exposure and properly manage risks within acceptable tolerance levels. By centralizing data, automating manual activities and enabling continuous processes, companies can consistently apply controls, gain better visibility into vendor-related risk, make more informed decisions, and demonstrate vendor compliance in real time.

Specification

RiskVision Risk Manager is easy to use, deploy, and maintain so that organizations can quickly realize time to value. RiskVision enables a proactive and intelligent approach to vendor risk management by centrally managing vendor information, controls, risk, to easily map their existing vendor assessment processes. Once controls are tested, and view of vendor risk across the organization.

Centralization of data allows organizations to maintain a holistic view of their vendor risk assessment programs. RiskVision Vendor Risk Manager provides a central repository for all vendor contact details, contracts, risk, and compliance related information. Frameworks, controls, risk, evidence, and results are stored on a single searchable platform to provide current and up-to-date vendor information to company stakeholders.

Illicit scanner

NetClean provides intelligence solutions to detect, block and analyse digital media to create a safer society.

NetClean

Features

ProActive can detect child sexual abuse material on everything from USB flash drives and hard disks to email and Internet traffic.

Description

Specifically to find child pornography on computers (work).

NetClean provides intelligence solutions to detect, block and analyse digital media to create a safer society. It is the leading developer of technical solutions to fight child sexual abuse material. Its solutions are being used worldwide by multinational companies, government agencies, internet service providers, and law enforcement professionals.

Specification

  • Uses only police identified child pornography images, no false positives.
  • Can be Network and/or Endpoint solution.
  • Agent is compatible with Microsoft Windows, Linux and Mac OS X
  • Can block and/or issue an alert in the event of an incident
  • Handles both real-time scans and scheduled scans
  • Configuration control via the NetClean Management Server
  • Automatic updates
  • No end-user interaction
  • Network Agent is easily integrated with your proxy server via ICAP and conducts real-time scans in HTTP traffic in search of illicit images and video files.
  • Can block and/or issue an alert in the event of an incident
  • Appliance is a hardware agent that conducts real-time searches in network traffic in order to identify illicit images and video files but without compromising performance or causing delays.
  • Can block and/or issue an alert in the event of an incident
  • Handles unencrypted TCP- and UDP-based network protocols
  • Supports network speeds of up to 1 Gb/s
  • Supports installation inline or as a network tap
  • Built-in hardware redundancy
  • Configuration and control via the NetClean Management Server

eDiscovery

AD eDiscovery® finds and collects needed data from the broadest range of structured and unstructured data sources of any single platform on the market.

Access Data

Features

  • Schedule large audits of computers, network shares, and data repositories on or off the network.
  • Locate and collect key documents for analysis.
  • Apply a wide array of complex visualization, data analytics, and document review tools to quickly identify and produce key documents and prepare for a case.

Description

With an integrated, end-to-end platform covering every phase of e-discovery, corporate teams can efficiently and seamlessly conduct enterprise-wide search, targeted collection, systemized preservation, litigation hold, processing, data assessment and complete legal review, providing the reliability, predictability and efficiency required to enable your team to:

  • Mitigate Corporate Risk. Limit handoffs between vendors and technologies with a single, secure end-to-end solution and protect against spoliation, data loss and theft.
  • Ensure Compliance. Make sure data preservation needs are systematic and defensible in accordance with US and international preservation requirements for litigation, and governmental regulatory requirements.
  • Improve Response Efficiency. Rapidly access, capture and analyze information across a broad range of repositories and targets by leveraging mature and broadly adopted, forensic grade technology.
  • Lower Overall Cost. Process all potentially relevant information, structured and unstructured, inside and outside the enterprise with a single integrated solution.

Specification

AD eDiscovery® finds and collects needed data from the broadest range of structured and unstructured data sources of any single platform on the market. Using user-friendly, work flow-driven templates, AD eDiscovery performs “agentless” collections from:

  • Microsoft® Office 365 (email & calendar)
  • Google Drive
  • Gmail™ corporate/administrator
  • Microsoft® Exchange 2003/2007/2010/2013
  • Microsoft SharePoint® 2003/2007/2010/2013
  • Oracle® URM
  • Druva
  • CMIS (Any data source that uses the CMIS standard)
  • IBM® Domino®
  • Cloud, web-based email (IMAP & POP)
  • Symantec® Enterprise Vault™ (journal/archive/files)
  • EMC® Documentum®
  • Xerox® DocuShare®
  • FileNet® repositories
  • Livelink® (OpenText®) repositories
  • WebCrawler (Web 1.0)
  • Box

Forensics Tool Kit (FTK)

Reduce case investigative times by reviewing data and identifying relevant evidence, all in one centralized location.

Access Data

Features

The database-driven, enterprise-class architecture of Forensics Tool Kit (FTK) allows you to handle massive data sets, as it provides stability and processing speeds not possible with other tools. It provides built-in data visualization and explicit image detection technology to quickly discern and report the most relevant material in your investigation. FTK’s interoperability with all of AccessData’s solutions allows you to correlate massive data sets from different sources, such as computer hard drives, mobile devices, network data, internet storage and more. This capability makes FTK the only digital investigation solution capable of reducing case investigative times by allowing you to review data and identify relevant evidence, all in one centralized location.

Description

Forensic Tool Kit (FTK) is a court-cited digital investigations platform built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so filtering and searching is faster than with any other product. This means you can “zero in” on the relevant evidence quickly, dramatically increasing your analysis speed. Furthermore, because of its architecture, FTK can be set up for distributed processing and can incorporate web-based case management and collaborative analysis.

FTK is an award-winning, court-cited digital investigations solution built for speed, stability and ease of use. It quickly locates evidence and forensically collects and analyzes any digital device or system producing, transmitting or storing data by using a single application from multiple devices. Known for its intuitive interface, email analysis, customizable data views, processing speeds and stability, FTK also lays the framework so your solution can grow with your organization’s needs for a smooth expansion.

Services

Forensics

Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Cognosec Services

Features

The process for performing digital forensics comprises the following basic phases:

  • Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.
  • Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.
  • Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
  • Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

Description

Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data into court. Forensic tools and techniques are most often thought of in the context of criminal investigations and computer security incident handling, used to respond to an event by investigating suspect systems, gathering and preserving evidence, reconstructing events, and assessing the current state of an event. Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Specification

During a forensic investigation, Cognosec will identify potential data sources and acquire the data from those sources. Data acquisition will be performed using a three-step process:

  1. developing a plan to acquire the data
  2. acquiring the data
  3. verifying the integrity of the acquired data

After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. Once the relevant information has been extracted, Cognosec will study and analyze the data to draw conclusions from it and then prepare and present the information resulting from the analysis phase.
