24/7 Forensics Hotline

06-FORENSICS

Digital Forensics by Neo Security

Need evidence for legal action? Investigating a data breach? We reconstruct digital incidents using forensically sound methods. From RAM analysis to timeline reconstruction - we bring the facts to the surface.

500+

Forensic investigations

100%

Court-admissible evidence

What is digital forensics?

Digital forensics is the scientific examination of digital traces. We use specialized tools and methodologies to preserve, analyze and reconstruct data - always following strict chain-of-custody procedures.

Write-blockers voor data integrity
Cryptographic hashing (MD5/SHA256)
Court-admissible documentation

Forensic Capabilities

Data Recovery & Analysis

  • Deleted file recovery (NTFS/ext4/APFS)
  • RAM memory analysis & volatile data capture
  • Browser artifacts & web history reconstruction
  • Email forensics (PST/OST/MBOX analysis)
  • Database reconstruction (SQL/NoSQL)
  • Encrypted drive analysis (BitLocker/FileVault)

Network & System Forensics

  • Network traffic analysis (PCAP deep dive)
  • Log correlation across multiple systems
  • Active Directory forensics & timeline analysis
  • Cloud forensics (AWS/Azure/Google Cloud)
  • Container & Kubernetes forensics
  • Mobile device forensics (iOS/Android)

Malware & Incident Analysis

  • Malware reverse engineering
  • Ransomware strain identification
  • C2 infrastructure mapping
  • Lateral movement reconstruction
  • Data exfiltration path analysis
  • APT attribution & TTP mapping

"Every byte counts. We use Volatility for memory forensics, Plaso for timeline analysis, and custom Python scripts for correlation. The difference between 'thinking you know' and 'forensically proving' is what wins court cases."

Peter van der Berg

Lead Forensic Investigator

Our Forensic Methodology

1

Initial Response

0-4 hours

Activities

  • Remote triage via EDR/forensic agents
  • Memory dump acquisition
  • Critical log preservation
  • Chain of custody establishment

Deliverable

Preliminary findings & evidence preservation

2

Deep Dive Analysis

2-7 days

Activities

  • Timeline reconstruction (Plaso/log2timeline)
  • Registry & artifact analysis
  • File system forensics
  • Network forensics & PCAP analysis

Deliverable

Technical forensic report with IOCs

3

Business Impact Assessment

1-3 days

Activities

  • Data classification & exposure analysis
  • Regulatory impact assessment
  • Attribution confidence levels
  • Remediation roadmap

Deliverable

Executive report & legal documentation

Case Studies from Our Forensic Practice

Real incidents, concrete results. Details anonymized for confidentiality.

Insider Threat - IP Theft

Senior engineer suspected of stealing source code before joining competitor

Technical Approach

PowerShell history analysis + Git repo access logs + USB device tracking

Key Findings

3GB of proprietary code exfiltrated via personal GitHub over 6 months

Business Impact:

€1.2M settlement, criminal prosecution initiated

Time to Evidence:

48 hours to conclusive evidence

Ransomware Investigation

Manufacturing firm hit by targeted ransomware, €500K ransom demand

Technical Approach

Memory forensics + network traffic analysis + backup integrity verification

Key Findings

Initial access via unpatched Fortinet VPN, 14-day dwell time before encryption

Business Impact:

Full recovery without ransom payment, insurance claim approved

Time to Evidence:

72 hours to full incident reconstruction

Financial Fraud Detection

CFO suspected of manipulating financial records before acquisition

Technical Approach

SAP change logs + email pattern analysis + deleted file recovery

Key Findings

€3.2M in hidden liabilities discovered through recovered spreadsheets

Business Impact:

Acquisition price adjusted, legal action against former CFO

Time to Evidence:

5 days comprehensive investigation

Enterprise-Grade Forensic Tooling

Acquisition Tools

FTK Imager
dd/dcfldd
Guymager
Cellebrite UFED
Magnet AXIOM

Analysis Platforms

EnCase
X-Ways Forensics
Autopsy/Sleuth Kit
Volatility 3
SIFT Workstation

Specialized Tools

IDA Pro (reverse engineering)
Wireshark (network)
Plaso (timeline)
YARA (IOC matching)

Custom Forensic Development

In addition to commercial tools, we develop custom Python scripts for specific forensic challenges. From automated log correlation to custom artifact parsers for proprietary formats.

Python forensics libraries
Elasticsearch for analysis
Custom artifact parsers

When to Call in Digital Forensics?

Incident Response

  • Ransomware attack - need for attribution
  • Data breach - extent determination
  • Insider threat - evidence collection
  • Fraud investigation - financial forensics

Proactive Forensics

  • M&A due diligence - IT asset verification
  • Compliance audits - data handling verification
  • Employee exit - sensitive data checks
  • Legal disputes - evidence preservation

Every Byte Tells a Story

Digital evidence disappears quickly. RAM gets overwritten, logs rotate, timestamps change. The sooner we start, the more complete the story.

Transparent Forensic Services

Incident Response

€275/hour

Available 24/7, 4-hour minimum

Forensic Investigation

€225/hour

Planned investigations, detailed reporting

Expert Witness

€350/hour

Court testimony & legal support

What is included?

Write-blocked evidence acquisition
Chain of custody documentation
Technical & executive reporting
30-day evidence retention

Digital Evidence. Legal Certainty.

From volatile memory to deleted files, from network traffic to cloud artifacts - we reconstruct the digital truth. Court-admissible, technically sound, business-focused.

24/7 Forensics Hotline

+31 20 716 5487

Direct contact with a certified forensic investigator