Incident Handling and Forensic Investigation Services
-- Projects involving internal employee abuse, virus/malware infections and external hacker cyber attacks.
As an incident handler and forensic investigator, Mike Daveler has been directly involved in over thirty projects involving internal employee abuse, virus/malware infections, and external hacker cyber attacks. All investigations and projects were successfully performed and completed under strict confidentiality and tight deadlines.
Mike has drafted Incident Handling Guides and procedures, and has led table-top exercises and mock incident scenarios for client engagements. Additionally, Mike presented an Incident Handling and Forensic Examination seminar at the Philadelphia InfraGard conference in June 2013.
Below are a few examples of Incident Handling and Forensic Examination engagements:
Incident Handling Lead/Onsite USA CERT Representative, Multinational Corporation.
- Met with local security teams to review the network intrusion and compromise, review all isolation, containment and remediation steps, and review current and proposed network changes.
- Performed risk analysis and provided feedback to the head of the global CERT team for resumption of normal operations.
- Developed and formalized a methodology for the company to handle APT risk.
Incident Handling/Digital Forensic Investigation, Webserver Compromise, Major USA Law Firm.
- rootkits and compromised operating system files on a DMZ webserver, and identified several eastern European attack sources.
- Performed detailed analysis of firewall logs, web server event logs, FTP and web transaction logs, and database transaction logs, and reviewed DMZ-to-internal trust relationships. Identified dates, times and sources of attacks; handled interaction with the FBI and filing of the incident report with NIPC and Interpol.
- Provided guidance on Windows server hardening, business partner access account restrictions, regular review and securing of transaction log files, and use of Tripwire to monitor the integrity of critical operating system files.
Incident Handling/Digital Forensic Investigation, Webserver Compromise, International Telephone Company.
- Identified four possible account compromises used to commit international revenue sharing fraud; used innovative investigative techniques to review over 482MM database entries from the log files of six load-balanced web servers and their databases.
- Identified and provided specific details on anomalous activities: password changes, account lockouts, possible buffer overflows, etc.
- Recommended several additional security configuration reviews and remediation steps to be performed for increased security.
Forensic Acquisitions and Sensitive Investigations, $20MM Divorce Proceeding.
- Performed numerous computer forensic acquisitions of computer hard drives and other data collections using EnCase software.
- Prepared spreadsheets and analysis of sensitive financial documents for the Client.
- Prepared detailed reports for Legal Counsel and the Client of findings and avenues for further investigation, including electronic discovery requests and deposition question areas.