Digital Forensics

Generally, the definition of digital forensics is “…the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.” (NIST).

The forensics process includes collection of digital evidence, examination of it, analysis of the results and reporting of the whole process. Zelus offers the Digital Forensics Toolkit (DFT), a set of solutions to make the forensics process easier for both businesses and forensic investigators.

Forensic Timeline Analyser

Collection and organisation of digital evidence can be a cumbersome task which requires lots of time and effort. Moreover, sorting the evidence by time makes the task even harder, but gives great value to a digital investigation. Examining actions and events happening at the same time or around the same time can potentially unveil valuable information and help investigators spot evidence patterns and hidden relationships that can lead to the root cause of an incident faster.

Our Forensic Timeline Analyser provides an intuitive and effective way to organise and visualise digital evidence in an interactive timeline which unlocks time inspection capabilities and reveals temporal relationships and activity patterns. The Analyser can be plugged into existing security and monitoring software, e.g. SIEM solutions, Nagios, Zabbix, Snort, etc., and offers an extensive timeline representation of events, logs and measurements. Moreover, it can be used to enhance more traditional forensic analysis methods by letting users create their own timeline of events: they manually insert events and milestones of a forensic investigation and view them on an online timeline visualisation which can be shared, and therefore fosters teamwork during the investigation.

Easy Network Visualisation

Easy Network Visualisation (ENV) is a network performance monitoring and diagnostic (NPMD) tool which provides historical, real-time and predictive views into the availability and performance of a network and the application traffic running on it. Moreover, ENV provides diagnostic workflows and forensic data that help identify the root cause of performance degradations and also extract insights into the quality of the provided network services, based on network-derived performance data.

Network operators or IT managers can benefit from the ease and speed of analysis that ENV offers and therefore enhance decision making concerning network infrastructure maintenance or upgrade. ENV offers:

  • Traffic data analysis via NetFlow monitoring to reveal network-internal and external communication flows
  • Historical and real-time analysis of network performance and behaviour
  • Network map visualisation, including endpoints, components and links
  • Ingestion of network-device-generated health data
  • Integration with existing products and services, e.g. SIEM, NIDS, etc.
Netflow Inspection

Digital Forensics Service

Zelus offers a comprehensive service including all the steps of digital investigations. By utilising the available set of forensic tools as well as a proven methodology of planning and executing a forensic investigation, we provide businesses with a single point of contact with respect to their forensics needs.

We collect, examine, analyse and report on the digital evidence found for an incident, with a fast and accurate process which guarantees results.