2022 SC Awards Finalists: Best Computer Forensic Solution | SC Media

2022-08-20 06:19:25 By : Ms. Jing Lin

Effective incident response requires evidence gathering – using investigation and analysis techniques with devices to piece together what happened and how best to proceed.

Solutions in this category may involve tools intended for analysis of network events/data, or those that collect data from media over the network and live forensic tools. Regardless, they support businesses' need to follow the breadcrumbs.

Ballistic Imager from Detego enables the rapid extraction of data from target computers and servers. The solution enables users with minimal technical knowledge to carry out forensically sound data extractions from devices without removing hard drives. Users with any skill level can start using Ballistic Imager after a short, 30-minute training. The solution fits in removable storage devices, is highly portable and can be deployed on target devices in seconds. With its rapid data extraction capabilities and easy-to-use interface, Detego’s Ballistic Imager eliminates bottlenecks created by outdated data extraction processes and helps investigators access information faster. The included Analyse capability enables teams to expedite investigations through AI-powered tools.

Packet data is the greatest source of truth in network forensics, providing certainty of what happened and when. The EndaceProbe Analytics Platform was designed to help organizations increase efficiency and reduce security appliance sprawl by providing a common, always-on platform for capturing and recording full packet data. The EndaceProbe makes packet capture cost-effective and scalable for network and security teams, allowing analysts to quickly extract and reconstruct files, and providing easy access for tools that need to analyze packet data. The EndaceProbe combines 100% accurate, high-speed full packet capture with the ability to host and integrate with network security and performance monitoring solutions.

PAS Cyber Integrity makes trusted backups of industrial control systems. These backups include computers, network gear (switches, routers, firewalls), and proprietary devices (DCS, PLC, SIS, historians, APC, protective relays, vibration monitoring devices, etc.). The backups are then aggregated, normalized, and contextualized into an offline digital twin of the system. Each digital twin is compared to previous digital twins of itself, and every attribute of every component within the system is analyzed for change. In addition, PAS Cyber Integrity captures system events obtained from the backups, allowing the user to correlate events to the changes detected.

QuoLab’s Security Operations Platform enables the collaboration of SME groups, both internal and external to the organization, with the fusion of data sets as well as with dedicated features and applications. This is accomplished through various data streams that are fed into the platform from an extensive library of dedicated connectors and partners. This data is then linked into the platform’s Graph Data Model, a flexible data storage catalog that showcases the relationships between all relevant data points. QuoLab delivers relevant expertise to users while speeding up analysis and remediation based on consolidated datasets over time.

RecordTS provides remote session recording for on-premise and cloud-based servers and workstations for Microsoft Azure WVD & RDS environments, VMware Horizon and Citrix Virtual Apps & Desktops, plus cloud environments such as AWS. Session recording is required for many industries, including healthcare, banking, law enforcement, legal, government, etc., and is a necessary basic cyber forensic tool for DFIR. RecordTS is a low-cost solution that fills this need. The product is easily deployed within minutes and can be scaled from a small office with only one server to enterprise networks and cloud environments with thousands of servers and workstations.
