Remote Incident Response Kit.
Rapid forensics of
Windows or Android devices.
Overview
For many companies investigating a device-specific security incident, standard procedure is to remove the affected device from the network prior to reinstalling it.
Unfortunately, vital evidence regarding the cause and effect of the incident is subsequently destroyed. That leaves the organisation no wiser and, more importantly, still exposed to the same or similar attacks in the future.
Even large companies with fleshed out security teams can lack the time, human resources or an adequate data gathering tool for same-day device scanning.
Rapid and comprehensive forensics tool
Our Remote Incident Response Kit is designed to rapidly gather all security-related data from a device and to furnish incident responders with evidence. As such, the software acts as a data collector, an automated forensics backend server, and a reporting module.
Well-suited forensics software for large organisations
For large security teams comprising professional incident responders, the Remote Incident Response Kit is an essential stand-alone tool for gathering data quickly for internal security specialists to analyse the device’s artefacts for malicious activity.
Quick and easy forensics software for small organisations
For smaller organisations that lack professional incident responder skills, the Remote Incident Response Kit is quick and easy to run.Thereafter, CSIS offers access to 24/7 forensics security specialists who ensure that the forensics analysis is complete and accurate, and that the correct conclusions have been drawn before recommendations are made.
Operating system compatibility
Supports all Windows-based client operating systems actively supported by Microsoft, and in all Microsoft-supported languages.
Also available for Android devices, and can be downloaded from the Google Play store.
Key features
- Works on Windows or Android devices.
- Does not require specialist training.
- Can be executed from any software deployment tool.
- Remote scanning, from anywhere.
- No pre-installation of software required.
- Result- and recommendation-based report.
Benefits
- Understand rapidly if, how, when and with what a device has been breached.
- Comply with legal requirements by documenting and analysing security incidents.
- Save money and time by outsourcing to security specialists.
- Get 24/7 support from forensics security specialists.
- Use reports in legal proceedings or for auditing purposes.
4 typical use case scenarios
1. You have a security incident you want to investigate
- e.g. a device is infected with ransomware.
2. You have a suspicion that a security incident has occurred and you want to investigate it.
- e.g. your browser crashes after clicking on a link.
3. You want to make a routine investigation
- e.g. you have been to a series of conferences in the Far East.
4. You want to do “real time” threat hunting
- e.g. You run the software periodically on high profile targets in your organisation.
Process
How it works
- You suspect a breach, and run the Remote Incident Response Kit to gather data
- The case is analysed by the automated forensics backend
- You view the case on the CSIS Threat Intelligence portal.
If you have an SLA with CSIS:
- CSIS security specialists ensure the analysis is complete and accurate
- You access the final forensics report
- You act upon recommendations within the report.
The software
- scans the device for signs of infection
- performs a complete memory dump
- creates a baseline for future comparison, and
- sends all collected data to CSIS security specialists for confirmation.
When malicious activities have been detected, the report documents:
- when exactly the device was infected
- how exactly the device was infected, and
- what exactly was the device has been infected with.
The reports can be used for legal proceedings, for auditing purposes, or even as crisis management background material.
Types of data collected
- Traffic Analysis
- System Diagnostics
- Suspicious files
- Browser history
- Registry backup
- AppData backup
- EventLog backup
- File timeline
- File integrity
- Memory dump