digital forensics & incident response

Computer forensics is the process of acquiring, analyzing and documenting digital evidence. Xandstorm conducts high grade forensic IT examinations utilizing equipment and software, generally considered 'industry standard' within both Intelligence & Security, and Law-enforcement communities.

The objective of computer data examination and analysis is to disclose facts as recorded on computer systems and electronic media, in a forensically sound and non-biased manner. It entails following the chain of evidence as it unfolds. Forensic examinations can be divided into the following categories:

Disk forensics

Disk forensics encompass the acquisition and analysis of data stored on physical storage media like computer hard drives, volatile memory, and removable media. It includes the recovery of hidden, encrypted and deleted data, as well as file identification and the extraction of meta-data, the proverbial 'data about the data'.

Network forensics

Network forensics is the process of examining network traffic, including transaction logs and real-time monitoring. It concerns the capture, recording, and analysis of network events. The objective of network forensics is to disclose the source of IT related security breaches and includes both physical and virtual network environments.

Internet forensics

Internet forensics is the process of uncovering where and when a person or organization has utilized the internet or company intranet with malicious intent. For example with regard to digital financial fraud, corporate espionage and identity theft. It seeks to identify, extract and report evidence related to such uses.

E-mail forensics

Electronic mail is still one of the most common ways persons and organizations exchange information, and which is not seldom of a confidential nature. E-mail forensics encompass the analysis of source and content of electronic mail as evidence. Among others it includes activities like identifying the actual sender, recipient, date, time, and location an email originated from or was sent to.

Download data sheet in PDF:

Data extracted from a mobile phone or tablet computer are the mirror of a persons lifestyle and activities, both personal and professional.

Mobile communication devices are commonplace in our current information driven society and used by many, if not all, for both personal and professional purposes. Large scale use of these so called smart devices already resulted in ‘text’ being the new ‘talk’. Substantially changing the complexion of evidence recovery, analysis, and presentation in both civil and criminal investigations.

With respect to digital analysis and fact-finding, such devices have become of utmost importance because they are constantly being carried around by its user. And therefore can be considered a personal ‘black box’ literally recording every event of a persons lifestyle and activities. All of this information is electronically date- and time stamped.

Mobile phone / device forensics is the process of recovering digital evidence from a mobile communication device under forensically sound conditions using accepted methods. This is done by both physically and logically extracting, analysing and documenting facts recorded on these devices. And although generally named mobile phone forensic, this field of expertise emphatically includes tablet computers, GPS navigation devices and media players as well.

Retrievable information

• Call history of dialled phone numbers and received calls, as well as call duration.
• Content of both sent and received text messages, including sender and recipient information.
• Multimedia files like recorded movie clips and stored photos including location data.
• Stored contact and address book entries, files, calendars and notes. E-mail messages including attachments, chat history, locations, and social network communications.
• Meta data, the proverbial ‘data about the data’, such as IMEI, Operating System, Firmware including SIM card details (IMSI), and last used BTS.

Supported devices

• Smart phones, including iPhone, Android, BlackBerry, Windows Phone, and Chinese chipset phones.
• Tablet computers, such as iPad, Android and Windows Tablet.SIM cards.
• Portable media players, including iPod.
• Removable storage media, such as SD and micro SD memory cards. Navigation devices (GPS) and Personal Digital Assistants (PDA).

Download data sheet in PDF:

Digital visual media is nowadays one of the main means of interpersonal communication. Unlike text and voice, visual media represent an effective and above all, natural way of communication between humans. This is due to their immediacy and ease in which humans can interpret and understand image content. As a result, both still imagery and video have become important information carriers in our digital era. However, in conjunction with the expressive potential of visual media and the ease of their acquisition, distribution and storage, they are also more and more exploited by persons and organizations with malicious intent. As a consequence, today images and videos represent a common source of evidence.

Image enhancement

Imagery relating to a crime or calamity is often of a quality that requires additional interpretation and enhancement, i.e. with regard to disputed identity or vehicle identification. Until recent, material suitable for enhancement was generally derived from security camera systems, either analogue or digital. Nevertheless, it nowadays emphatically encompasses an increasing variety of sources, ranging from mobile phones through webcams to aerial and satellite imagery.

Image authentication

Digital images are now routinely introduced to either substantiate or dispel alleged allegations or suspicions. Therefore, the ability to effectively distinguish between actual photographs from digital cameras and computer generated images has become of paramount importance. Validating photographic evidence, identification of type of camera used, and assessing the authenticity of social media images are just some examples.

Image interpretation and analysis

Image interpretation encompasses the process of drawing conclusions about subjects or objects depicted in images. Applications include, but are not limited to:

• The identification of subjects, objects, and events within imagery.
• Determining the conditions under which, or the process by which, the image was captured or created.
• Identifying en interpreting physical aspects of imagery.
• Retrieving the provenance of imagery.

Download data sheet in PDF:

Is your existing investigation process as effective as it could be? Understanding your organizations data has become a key factor with regard to adequate fact- finding and risk mitigation.

Xandstorm offers tailor-made investigative solutions designed to increase clients’ peace of mind. We take an integrative approach to investigations, combining open source research methods and digital forensics with non-digital field work in order to present clients with accurate and actionable information.

Investigation process

Our comprehensive process begins with mapping, monitoring and gathering online data for deep analysis. Expert researchers expand on these findings with discrete investigative methods to produce conclusive information.

Range

Our investigations cover a range of issues and allegations including but not limited to:

• Integrity related matters.
• Pre-employment screening / background checks.
• Credit & solvency check.
• Due diligence - know your customer / business partner.
• Corruption and (financial)fraud investigations.
• Sanction violations.

Download data sheet in PDF:

Disclosing protected data...

The ever increasing amount of data being protected through passwords and encryption, also implies a substantial increase in data loss because of lost passwords. And with the use of strong cryptographic products and multi factor authentication on the rise as well, disclosing protected data becomes more and more difficult when credentials or cryptographic keys are lost.

The human factor vulnerability

Besides lost or forgotten passwords, what about the disgruntled (former) employee that simply refuses to hand over the credentials used for securing confidential company data? This becomes particularly problematic with biometric security measures in place. From a legal perspective it is not easy to enforce a current or former employee to provide his or her fingerprints for data disclosure.

Cryptanalysis and Decryption

Nowadays, passwords stored on computer systems are not kept in plain text, but rather as so called hashed values. These are the result of irreversible cryptographic algorithms that protect the actual password from being compromised.

Cryptanalysis and decryption refers to the analysis of protected data in order to identify weaknesses that will enable disclosure of that data without necessarily knowing the key or the algorithm.

Recovery and resetting of passwords

As most, if not all security measures and controls have weaknesses, fortunately the majority of passwords can be recovered or reset within a reasonable timeframe. Depending on the strength of the applied security, passwords can sometimes even be recovered or reset instantly. On the other side of the complexity spectrum, when extremely strong cryptographic controls are utilized, data can sometimes only be disclosed by brute forcing methodology. This adds substantial time to the disclosure process, while some security controls are so strong it might even take years or indefinite to disclose the data concerned.

Xandstorm provides password recovery and decryption services covering more than 200 individual file types. Utilizing hardware accelerated computing and a distributed network of dedicated decryption nodes, we are able to disclose data that was thought to be lost for ever.

Download data sheet in PDF:

Managing security breaches...

Security breaches happen!

There are a plethora of information security products and services available that all address pieces of the vulnerability landscape. However, no single technology or product will keep an organization 100% safe and secure. It is therefore not a question of if you will be attacked and suffer a security breach, but when and to what extent. Implications are that if a security breach occurs, it can easily escalate and becomes a traumatic experience, but it can also be an anticipated risk. This choice is totally up to your organization’s risk management strategy and planning.

Vulnerability landscape

Technology taking over many parts of the corporate world, has caused a shift with respect to the required capabilities and intentions of people and organizations with malicious intent. This shift has changed to such an extent that it is safe to conclude that all crime has directly or indirectly become computer crime. Hackers, cyber criminals, terrorists, disgruntled employees, and even nation states, just to name a few. Over the past years these groups have become efficiënt, persistent, and well funded organizations who’s mission it is to penetrate and compromise computer networks and automated information systems.

Their objectives are compromising trade secrets like intellectual property, financial records, customer data, and even the complete dismantling of your company’s critical business processes. Besides significant financial consequences, your organization can suffer a substantial loss in productivity, time, and reputation.

Incident Response

Incident response is an organized approach to addressing and managing the above mentioned (information) security breaches, and the aftermath thereof. It encompasses limiting negative effects, reducing recovery time, and identifying the person(s) and / or organization(s) responsible.

Critical support when you need it most

Xandstorm provides Incident Response services both remotely and on-site in order to assist organizations mitigate the impact of security breaches and recover critical business processes in a timely manner.

Download data sheet in PDF:

In today’s information-driven global economy, the competitive position of commercial organizations depends to a large extent on the information they have at their disposal. Information has become a highly significant production factor representing considerable economic value. Therefore, development of an information security plan begins with the acceptance that information is an important asset that needs to be adequately protected against compromises. Unfortunately, often the level of information security measures in place are not in accordance with the informations actual intrinsic value. This results in some information being over-protected while other highly sensitive information not having enough protection.

Protecting trade secrets

The (particular) knowledge and information that enable commercial organizations to achieve their competitive advantage are known as trade secrets. Trade secrets enable to steer decision making processes in such a way as to achieve economic benefits. They serve to create accessibility thresholds for competing organizations that aspire to exploit the same market segment. Since there are no more competitive advantages to speak of once trade secrets have been compromised, their adequate protection is of essential importance.

The human factor

By far, the most vulnerable aspect within information security is the human factor. An integral security awareness program should therefore be simultaneously developed to effectively control the human factor within the information security chain. The one can simply not exist without the other.

Information security defined

The foundational principles of information security are confidentiality, integrity, and availability. Confidentiality is the assurance that only those persons and organizations who are authorized can actually access sensitive information. Integrity encompasses the assurance that the information that is present, stored and processed within the information architecture is accurate and unaltered. Availability is the assurance that the information is accessible when required.

Nevertheless, the ultimate objective is to provide management with the necessary information to make well-founded decisions regarding the protection of sensitive information. It can be considered a basic requirement to safeguarding the organizations considerable interests. For this reason, clear and measurable information security objectives need to defined beforehand to prevent poor design decisions that may lead to uncomfortable realities after implementation.

Standardization

As every organization and market segment is unique, a variety of international norms exist today.

Xandstorm can develop and implement information security plans that are compliant with several international norms.

Download data sheet in PDF:

The majority of damaging cyber attacks are the result of exploiting well-known vulnerabilities in operating system and / or application software products. This implies that as your organization’s dependence on technology increases, the risk of your automated information systems becoming compromised also increases.

New vulnerabilities are discovered every single day.

After all, today’s person’s and organization’s with malicious intent are more advanced than ever. And with the growth of world-wide hacking groups and even state-sponsored attacks, no industry sector or system is immune from attack.

Vulnerability scanning

Vulnerability scanning encompasses the scanning of automated information systems in order to assess the threat of vulnerable system and application software, and or outdated security controls. It is a cost effective and proactive way of identifying security vulnerabilities in computer systems.

The objective of vulnerability scanning and management, is identifying potential technical vulnerabilities at such an early stage, they can still be eliminated before escalating into actual calamities.

Vulnerability management

When developing an information security strategy, the emphasis should always start with prevention of attacks instead of detection. Most if not all information security breaches occur because organization’s leave gaps in their defenses, that are subsequently exploited by people and / or organization’s with malicious intent. Protection from malware, hackers and even rogue insiders with admin rights requires tighter governance of system security than ever before.

With Xandstorm vulnerability scanning, your organization takes a proactive step against the threat of cyber crime. This enables adequate safeguarding your organization’s considerable interests by building and strengthening your defenses and decreasing your risk of a severe data breach.

Download data sheet in PDF:

A penetration test is an authorized attempt to test the strength of an organization’s information security chain. Under controlled circumstances, system vulnerability exploits are being identified and utilized to try to compromise computer- and network- systems. However, without the intention of actually harming the system.

More specifically, penetration testing encompasses attacks of a technical nature on a computer system with the intention to gain access to the system, and control its functionality and data. This is done in the same way a hacker with malicious intent would. A penetration test provides insight into the organization’s defenses that were sufficient and the ones that were defeated or circumvented.

Penetration testing can also be utilized to validate the efficiency of in-place command-, control-, and security- mechanisms, as well as end-users’ compliance with information security policies.

Objective

The main objective of penetration testing is to determine if an automated information system is vulnerable to attack by a hacker, or person or organization with malicious intent. Penetration testing typically includes network security testing and application security testing, as well as controls and processes around the infrastructure.

Vulnerability scanning VS penetration testing

Penetration testing distinguishes itself from general vulnerability scanning but the two phrases are commonly interchanged. However, their meaning, implications, and objectives are very different. A vulnerability scan only identifies and reports vulnerabilities. Whereas a penetration test emphatically attempts to exploit the identified vulnerabilities to determine whether unauthorized access or other malicious activity is possible. This way, certain information security issues can be discovered that might be difficult to find using manual analysis or vulnerability scanning techniques alone.

Download data sheet in PDF:

Xandstorm is a privately owned commercial entity, that provides Digital Forensic and Incident Response services aimed at commercial and government organizations in the Caribbean region. Our services portfolio offers a total solution in this field.

Mission

Controlling the human factor within the digital security and intelligence chain by providing high grade digital forensic and investigative knowledge to enable our customers to safeguard their considerable interests.

Vision

To become the most respected Digital Forensics and Incident Response company throughout the entire Caribbean and Latin American region. Besides the constant development of high grade digital forensic services and training solutions, we offer our customers access to fully equipped, redundant, and ISO/IEC-17025 compliant digital forensic laboratories.

Motto

Coincidence does not exist. This is how we call the outcome of a cause we can not see. By Voltaire, French philosopher (1694 - 1778).

Xandstorm is committed to safeguarding your privacy. This privacy policy sets out how we collect, use and protect personal information that intentionally or unintentionally is provided, collected or exposed when visiting and / or using our website https://www.xandstorm.com.

What information do we collect

Xandstorm collects: General summarized information about visits to, and the use of, our website. This includes IP addresses, geographical location data, browser type and version, operating system, referral source, length of visit, page views and website navigation. No information is intentionally collected in a way that will uniquely identify individual visitors; Detailed uniquely identifiable information when you register on our website or communicate with us; including when requesting a proposal, placing an order, subscribe to our newsletter or fill out and submit a web form. This also applies to information provided to us for the purpose of communicating with or through us, as well as any other information intentionally chosen to send to us; Detailed financial information relating to any transactions carried out between you and Xandstorm on or in relation to this website.

What we do with the information we collect

Xandstorm utilizes collected information to: Better understand your needs and provide you with a better service; Administer our website, evaluate the results of Search Engine Optimization (SEO) and online marketing campaigns and / or make adjustments to these. Enable the use of services available on the website; Send requested information, goods or services purchased through our website; Send statements, invoices and collect payments; Deal with enquiries and complaints; Using the e-mail address which you have provided, to occasionally send promotional messages about (new) products, services, special offers or other information which we think you may find interesting.

How we protect collected information to safeguard privacy

Xandstorm is committed to ensuring that your personal information is secure. In order to prevent compromises caused by unauthorized access or unintentional disclosure, we have put in place solid organizational, infrastructural and technical procedures and measurements to safeguard and secure collected information.

Amongst others, this is realized through: Encrypting all incoming and outgoing e-mail communications through Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols; Not placing session-, persistent-, or so called zombie cookies and other tracking code on your hard disk when using our website; Utilizing a security certificate to encrypt the contents of the data transfer between our web server(s) and your web client (browser). This includes the encryption of data you send to us when filling out and submitting any of the web forms on our website. Please note that the use of a security certificate, will still expose the fact that you visited our website to at least your Internet Service Provider (ISP).

Disclosure of information

Xandstorm will not sell, distribute, lease or disclose your personal information to third parties, unless we have your permission, are safeguarding our considerable interests, or are required by law to do so. This includes: In connection with legal proceedings or prospective legal proceedings; In order to establish, exercise or defend our legal rights, including providing information to others for the purposes of preventing fraud, reputation damage and reducing economic risk; A person or organization who we reasonably believe may apply to a court or other competent authority for disclosure of privacy sensitive information where, in our opinion, such court or authority would be likely to order disclosure of that personal information.

Other important notices regarding your privacy

Data transmission over the internet is inherently insecure, therefore we can not fully guarantee the exclusiveness of data sent over the internet; Despite the utilized security measures, Xandstorm strongly recommends to encrypt the content of e-mail messages you intend to send to us. Our public key can be found here; Our website may contain links to partners and / or other websites of interest. However, once you have activated these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot guarantee the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and assess the privacy policy applicable to the website in question;

This privacy policy applies only to information collected, provided, or exposed through our website; We may update this privacy policy from time-to-time. Please visit this page periodically to assess you are still satisfied with the content; If you believe that any information we are holding on you is incorrect or incomplete, please write or email us.

-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFIXkKABCADULEKEsoD24KgqS/mbzi+Ka3JZ88DK8qNcTWulREdIb0R+DdXV hstJKzeOBES2vy6SR/2GyK9s5169ioev+6vd6x489SZ72nDQdShv5CAx0h+i5xsj QcxWFDe6cGyLTU9ENH/WJqfLxjDlUkomgKnVY7d44s/PVXMaRnSqnk1ozUNjvTlN agyB8sjNdmFca7WJ3tjjBSa8LtkGs0sUi6SvFsu3C3sidup5tCSSF9YV9OckYkh1 d7POD+N1YCLa2PuuhunXJ5qcny0RdZ2gi47tnSYKHTWDFT++9y4bdabBLaE63ASa JjbugabmlLgl0W7D+LMlPf/Jm9dxYSFUV9CFABEBAAG0QVhhbmRzdG9ybSAtIENv dW50ZXJpbnRlbGxpZ2VuY2UgYW5kIFNlY3VyaXR5IDxpbmZvQHhhbmRzdG9ybS5j b20+iQE9BBMBCgAnBQJSF5CgAhsvBQkHhh+ABQsJCAcDBRUKCQgLBRYCAwEAAh4B AheAAAoJEB2lAXfC/rmuJ/cH/iSh5Kkq9Kd2eGYkEg26P3FMjVgN26FtrmZiWgO6 6jWtwaitad+28RHC/IkVO6Ulz3clWeGRvfCakmnh2TXPwtkqzoTYQdMIIumwYFdI EY0GkDo0GHSzRdNTohAIbkDzwkpdaJRrjCi8fxmA1oPPNASJao7Pxqnm7KIMW0Vv 483iRWdxgeD6VqXDEXJVHzlEUStINwvOwNmFUsf19XBQx3rQi9OLVijleB4tCBsR MTDXvw1F9cRs5uYvPuMkUlNNIN73LN+5+pYiEcH4U4AbfN7ejdEdfTCc8RXas3OW gLY3EFSFj1C7r5D94WAcx7koESZw9MuUKv0VFw4ixTgz6Oe5AQ0EUheQoAEIAMQu IpsfS+V+H+Uk163jrkqr/ti+450el3y9NumgOWsKPpqCjCLLxHKETRhMrW52Gs+k Egf9E4Os2W+Jyg+E6lxcatj/saoZxzxvw+q7QuRFdbYsW0uUSqaipPuSHGtSVpm/ fC2cMKqYA69BH5T4+sMi6BQGedhMKUaSna/GBYrBVFOFVSAzJ2zHAIpHciYThlwg vGaQNgFBENIeUvFV97Ia9ntZi8dsnBXmx3KM+WhU7t1dKOGs7Qif0OxZESAVYf/O ATJh8IqLzZx5NX/UsHhdJZxKxVRVzs4O7hkLtYX0FGLKenM80Setnke6XIa97f6u KmZiWj83WKWoV8VjwOUAEQEAAYkCRAQYAQoADwUCUheQoAIbLgUJB4YfgAEpCRAd pQF3wv65rsBdIAQZAQoABgUCUheQoAAKCRC/PE8l/1Ce5jw7B/9ZQKPGnpFIEB5z 3JbJnv6xb414eAz3pwRjqjoEqTJCWQ8t/aIJlcczkZXp1SEe1gi4lWu+5TI5JO4e p5+mCMGoqb0/08pKHGI8Gl97wKKXZT9F+6wWbrxlfIR4c+uGDJjDMJ15zP+lghcn qSppQoEdnxbjehwJE2O+BauKPVtnCi80gCyDfPYjVsUFnwPSWTvRzmpdYi+fLY1B UAwcVT1GYMXZycLn58T/DXoOmpIWTlq0Y5ph7dHukWPtmfkFT1aLWxvgujnKFQ+w bj8Qf9mFykZOPjxf1nuvlDMcMI4DpnMgporePSAoBxIH0BUYuB4puKhPuua/gHee 9DgYJtQbBlYIAKHrBWLfM2nTfaHtfrKCEXZaFhyjFOr4hjNrSSjPBxWgn39gPieh o3FMWi5aBALdEP7WadUYYv0MA48mc52hMzxx83DXA2Z9OBEBW2ZJbKVzN87NjRBU CRVMjEYM4mUfPLCPOUyy/SsAXw55JAAA9mgM4jRZscsww+jRSwO0uO4hwLYghW6O H8IMTcKDPSr/YWAiIOYLSSKJfqSP7Ru6ZAZNuAoM9g1VKxU4uUFA5nPv7q8N8ZcG NIn1Q2j7hVNN75nn98sxZtLo00e9Hff7fFj3pA7M+jSp7Rbw9qCrdRecMIJDImbm yFcWSdjswadHsxQTvFKwgHN/7tZxl+zYVkw= =i+Hi -----END PGP PUBLIC KEY BLOCK-----