Remote Forensics and Surveillance.
We live in an increasingly litigious world where companies can easily find themselves in the middle of legal action. Increasing corporate legislation means that considerable amounts of data must be made available, usually from digital storage. Other cases, including employee misconduct, require a forensic response, including the ‘imaging’ and examination of hard drives in line with accepted techniques for integrity and continuity of evidence.
These issues can put extraordinary pressure on IT security teams, who by definition cannot be experts at everything. As a result, incident response and e-discovery requirements are often handled incorrectly, leaving the company open to criticism and legal action.
A cost-effective solution now exists for IT security teams to manage their legal responsibilities from a central location using software that ensures forensic integrity of data. From any location around the globe (law allowing), machines in the enterprise can be examined, hard drives imaged for forensic examination, and necessary surveillance carried out.
Intelligent monitoring
The solution revolves around the pre-deployment of tiny covert software agents, which can be deployed using standard patch management systems. The agent provides a point of contact for the Console, which the security team uses to communicate with each PC or server. The agent allows the Console to connect to it using encrypted authentication and gives the operator the ability to collect volatile evidence (network connections, etc.), RAM and even the entire drive.
The agent also provides unparalleled abilities to monitor the computer for anomalous activity, using criteria that can be set by the operator. This may include the amount of data traffic being generated or data being copied to an external device. Such behaviour can trigger a notification to the operator, who can then respond. The operator can grab an image of the screen of the remote PC, turn on keylogging and even sniff data packets being generated or received by the computer. This intelligence gathering can inform the decision whether to image the machine or not.
E-discovery
Increasing legislation, especially surrounding SOX in the USA, is causing many companies headaches when e-discovery demands are made upon them. Our solution greatly simplifies the issues by allowing the operator to instruct each deployed agent to search for defined data criteria and either copy the data to a central store or just report its presence.
For example, a law firm may require all data created after a certain date which contains particular keywords. Alternatively, they may wish to know which computers have a certain spreadsheet on them. You can even query your enterprise to see which computers have accessed a particular web site. These capabilities make complying with e-discovery demands considerably simpler.
Although there are other solutions in the marketplace which provide some of these elements, our solution is not bound to any specific forensic examination platform and is significantly more cost-effective.
Our flagship incident response, forensics, and e-discovery suite. You have to see it to believe it. Based on the worldwide success of the Helix Live CD, we have created a brand new product to work at the enterprise level. H3E will allow you to respond immediately to a given threat, image drive(s), image volatile data, including system RAM, and scan users' internet history, documents, etc. If you have an e-discovery need or a litigation hold requirement, look no further than H3E.
e-fense™ was asked to deliver a product that could acquire volatile data from a system onto a USB thumb drive. Aperio is our answer. Built on H3E technology, Aperio quickly acquires volatile data using our patent-pending technology.
Helix is the e-fense™ Live Forensics and Incident Response CD. Helix is much more than just another bootable live CD. It is a customized CD with a forensically sound boot environment and a special live environment found ONLY on this CD.