suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.
Forensic investigators typically follow a standard set of procedures. After physically isolating the computer in question to make sure it cannot be accidentally contaminated, investigators make a digital copy of the hard drive. Once the original hard drive has been copied, it is locked in a safe or other secure storage facility to maintain its pristine condition. All investigation is done on the digital copy.
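The copy step above only supports a chain of evidence if the copy can be shown to match the original, so the following added example (not part of the original page or any vendor's tooling) images a source, hashes both sides, and appends a custody record. The file names, examiner label and JSON-lines log format are assumptions, and a constructed temporary file stands in for the drive.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images do not fill memory

def sha256_file(path):
    """Hash a file or raw image in fixed-size chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def image_and_verify(source, image, examiner, log_path):
    """Copy source to image, hash both, append a custody record, return it."""
    before = sha256_file(source)
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite an image
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    os.chmod(image, 0o444)  # the working copy is read-only from here on
    record = {
        "utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "source": source,
        "image": image,
        "source_sha256_before": before,
        "source_sha256_after": sha256_file(source),  # shows imaging did not alter the original
        "image_sha256": sha256_file(image),
    }
    record["verified"] = before == record["source_sha256_after"] == record["image_sha256"]
    with open(log_path, "a") as log:  # append-only: one JSON record per line
        log.write(json.dumps(record, sort_keys=True) + "\n")
    return record

def verify_image(image, expected_sha256):
    """Re-check the working copy later against the hash in the custody record."""
    return sha256_file(image) == expected_sha256

def demo():
    """Constructed stand-in for a drive: a small temporary file, not real evidence."""
    d = tempfile.mkdtemp()
    src, img, log = (os.path.join(d, n) for n in ("disk.raw", "disk.img", "custody.jsonl"))
    with open(src, "wb") as f:
        f.write(b"constructed sample sector data\x00" * 4096)
    rec = image_and_verify(src, img, "examiner-placeholder", log)
    os.chmod(img, 0o644)
    with open(img, "r+b") as f:  # simulate contamination of the working copy
        f.write(b"X")
    return rec["verified"], verify_image(img, rec["image_sha256"])
```

`demo()` returns the verification result at imaging time and the result after the copy has been altered, so a later mismatch is detectable from the custody record alone.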
Investigators use a variety of techniques and proprietary forensic applications to examine the hard drive copy, searching hidden folders and unallocated disk space for copies of deleted, encrypted, or damaged files. Any evidence found on the digital copy is carefully documented in a “finding report” and verified with the original in preparation for legal proceedings that involve discovery, depositions, or actual litigation.
In today’s environments, computer forensics alone cannot provide lawful evidence with a 360-degree view of the threats present in the IT space. ISYX Technologies therefore offers a blend of computer (host-based) forensic solutions and network-based forensic solutions to fulfill the customer’s forensics requirements.
Traditionally, network forensics has been about capturing and recording all the packets traversing the network and adding some analysis capabilities to enable investigation of security incidents after they occur. Intelligent network forensics is about selectively capturing, visualizing, and recording sessions of interest.