
Incident Handling and Forensic Investigation Services

-- Projects involving internal employee abuse, virus/malware infections and external hacker cyber attacks.


As an incident handler and forensic investigator, Mike Daveler has been directly involved in over thirty projects involving internal employee abuse, virus/malware infections, and external hacker cyber attacks.  All investigations and projects were successfully performed and completed under extreme confidentiality and tight deadlines.


Mike has drafted Incident Handling Guides and procedures, and led table-top exercises and mock incident scenarios for client engagements.  Additionally, Mike presented an Incident Handling and Forensic Examination seminar at the Philadelphia InfraGard conference in June 2013.


Below are a few examples of Incident Handling and Forensic Examination engagements:


Incident Handling Lead/Onsite USA CERT Representative, Multinational Corporation.

  • Met with local security teams to review the network intrusion and compromise, all isolation, containment and remediation steps, and current and proposed network changes.
  • Performed risk analysis and provided feedback to the head of the global CERT team for resumption of normal operations.
  • Developed and formalized a methodology for the company to handle APT risk.


Incident Handling/Digital Forensic Investigation, Webserver Compromise, Major USA Law Firm.

  • Located rootkits and compromised operating system files on a DMZ webserver, and identified several eastern European attack sources.
  • Performed detailed analysis of firewall logs, web server event logs, FTP and web transaction logs, and database transaction logs, and reviewed DMZ-to-internal trust relationships.  Identified dates, times and sources of attacks; handled interaction with the FBI and filing of the incident report with NIPC and Interpol.
  • Provided guidance on Windows server hardening, business partner access account restrictions, regular review and securing of transaction log files, and use of Tripwire to protect critical operating system files.

Incident Handling/Digital Forensic Investigation, Webserver Compromise, International Telephone Company.

  • Identified four possible account compromises used to commit international revenue sharing fraud; used innovative investigative techniques to review over 482MM database entries from six load-balanced web server and database log files.
  • Identified and provided specific details on anomalous activities: password changes, account lockouts, possible buffer overflows, etc.
  • Recommended several additional security configuration reviews and remediation steps to be performed for increased security.


Forensic Acquisitions and Sensitive Investigations, $20MM Divorce Proceeding.

  • Performed numerous computer forensic acquisitions of computer hard drives and other data collections using EnCase software.
  • Prepared spreadsheets and analysis of sensitive financial documents for the Client.
  • Prepared detailed reports for Legal Counsel and the Client on findings and avenues for further investigation, including electronic discovery requests and deposition question areas.