{"id":2288,"date":"2022-05-16T19:29:39","date_gmt":"2022-05-16T17:29:39","guid":{"rendered":"https:\/\/kalweit-its.de\/services\/digital-forensics\/"},"modified":"2024-10-15T09:27:57","modified_gmt":"2024-10-15T07:27:57","slug":"digital-forensics","status":"publish","type":"page","link":"https:\/\/kalweit-its.de\/en\/services\/digital-forensics\/","title":{"rendered":"Digital Forensics"},"content":{"rendered":"
<p>IT security incident in your company? We collect court-proof and audit-proof evidence on your behalf.</p>
<p>Court-proof and audit-proof preservation of evidence in the form of a forensic computer report.</p>
<ul>
<li>Securing all files needed as evidence, e.g. for further digital forensic measures</li>
<li>Recovery of deleted or hidden data from digital devices by means of file carving, provided the data is still physically present on the medium</li>
<li>Collection of evidence on the basis of Locard’s exchange principle to identify a suspect and a motive</li>
<li>File backup in compliance with the chain of custody to preserve the integrity of the digital evidence</li>
</ul>
<h2>Procedure</h2>
<h4>1.</h4>
<p>The first stage covers the identification of the investigation’s objectives and the required resources. We first identify the evidence and the type of data we are dealing with, including the devices on which the data is stored. As digital forensics specialists, we work with all types of electronic storage devices: hard drives, cell phones, PCs, tablets, etc.</p>
<h4>2.</h4>
<p>At this stage, we ensure that the data is isolated and properly stored. This is done according to the Never Touch Original principle: the evidence is secured and all work is carried out only on images. The secured original devices remain untouched until the end of the investigation.</p>
<h4>3.</h4>
<p>The analysis phase involves a thorough, systematic search for relevant evidence. We work with both system and user files and data objects. Based on the evidence found, we begin to draw conclusions.</p>
<h4>4.</h4>
<p>In this phase, all relevant evidence found is documented. A Why-Because analysis is provided, which gives the authorities new impetus in their investigation.</p>
<h4>5.</h4>
<p>At the final stage, all evidence and conclusions are reported in accordance with forensic protocols, which include the methods and procedures of analysis and their explanations.</p>
<p>Versatile use: whether to clarify the question of guilt in court, vis-à-vis your business partners or to present to your insurer.</p>
<h4>We use the following techniques, among others:</h4>
<p><b><u>Timeline analysis:</u></b></p>
<p>– Chronological listing of system events to make activities easier to identify</p>
<p><b><u>Keyword search:</u></b></p>
<p>– With text extraction and index search modules we find files that contain certain terms or match our regular expression (RegEx) patterns</p>
<p><b><u>Web artifacts:</u></b></p>
<p>– We extract web activity from common browsers to identify user activity</p>
<p><b><u>Registry analysis:</u></b></p>
<p>– Recently accessed documents and USB devices can be identified this way</p>
<p><b><u>LNK file analysis:</u></b></p>
<p>– Identification of links and retrieved documents</p>
<p><b><u>Email analysis:</u></b></p>
<p>– Analysis of messages identified on the system</p>
<p><b><u>EXIF data:</u></b></p>
<p>– Extraction of location and camera information from JPEG files</p>
<p><b><u>File system analysis:</u></b></p>
<p>– Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4 and Yaffs2</p>
<p><b><u>Unicode string extraction:</u></b></p>
<p>– Extraction of strings from unallocated space and from unknown file types in all common languages</p>
<p><b><u>File type detection:</u></b></p>
<p>– We index the system based on file signatures and detect mismatched extensions, as is often the case with malware</p>
<p><b><u>Android and iOS system analysis:</u></b></p>
<p>– Extraction of data from SMS, call logs, contacts, Tango and other apps</p>
<h3>Concrete use cases</h3>
<h3>Basic analysis</h3>
<p>By interpreting strings, examining Windows API calls, identifying packed malware and detecting host-based signatures, we get an initial overview. We then detonate the malware in a controlled environment to collect network signatures and identify malicious domains and second-stage payloads.</p>
<h3>Analysis of malware in x86 assembly language</h3>
<p>At the x86 assembly level we perform advanced analysis, using tools such as Cutter and x32dbg to gain insight into the malware at the lowest possible level. By controlling the malware’s execution flow and stepping through its low-level instructions in a debugger, we obtain the full range of advanced analysis options.</p>
<h3>Documents</h3>
<p>Malicious documents and document-delivered malware are also analyzed by our experts, including malicious macros and remote template injections. We also identify and extract embedded shellcode, and we identify scripted or obfuscated malware delivery techniques.</p>
<p><strong>Other fields of activity:</strong></p>
<h2>Book your appointment</h2>
<h3>Your contact persons</h3>
<p>You can always reach us personally, because a loyal partnership is far more important to us than short-term success.</p>
<p>Philipp Kalweit, Managing Partner</p>
<p>LinkedIn: https://de.linkedin.com/in/philippkalweit</p>
<p>+49 40 285 301 257</p>