Digital Forensics

Collect, preserve and analyze digital evidence to better understand security incidents

ForensicsMany organizations lack the skills required to properly evaluate security incidents. Whether an external attack resulted in a data breach or a rogue employee compromised sensitive information (credit card data, health information, etc.), it’s vital that you investigate the incident and take the necessary post-containment steps.

Coalfire’s digital forensics group can help your organization obtain, preserve, and examine digital evidence. Our forensics analysts piece together specific events to provide a greater understanding of when an event occurred, who was involved, and what data was affected.

We also help clients involved in litigation by supporting digital evidence and data collection and acquisition across IT systems, mobile devices, and social networks, as well as providing investigative analysis, expert testimony, and litigation consulting.

Our services include:

  • Breach response analysis – Identifying indicators of compromise, incident timeline, network connection and user account information, malware, and vulnerability information.

  • Cellular and mobile device investigations – Capturing system images of mobile devices for forensic analysis, keyword and pattern searches, personally identifiable information (PII), or credit card data.  

  • Employee misuse and misconduct investigations – Focusing on reviews of system users who have been accused of violating an organization’s policies and acceptable use procedures.

  • Indicator of compromise (IOC) check – Evaluating your system for IOCs, including malware on disk or in memory.

  • RapidCheck – Checking for compromise and credit card exposure on point-of-sale (POS) terminals.

Why choose Coalfire as your digital evidence partner?

IT forensic investigation is a core service that requires unique skills. With years of experience in digital forensics, we supplement your existing resources and help you collect, examine, maintain, and interpret evidence effectively and efficiently.

  • Digital forensics hands-on experience: Our team comprises former federal law enforcement officers and government contractors specializing in cyber operations. These analysts have numerous forensic certifications and have been recognized as computer forensics experts in state and federal courts.

  • Advanced data recovery collection and analysis tools and capabilities: Our specialists have the know-how to recover voice, video, image, and other metadata from mobile devices, even if deleted by the user. We can also conduct social media research and archiving to assist with civil prosecution and legal cases.

  • Regulatory knowledge and support: Our forensic team has expertise supporting technical assessment requirements in adherence with Payment Card Industry (PCI) Data Security Standard (DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), and more.