Providing access to expertise in the School of Computing Sciences.


Computer Network Forensics

Business Challenge

Large organisations have data stores which are targets for criminals looking for credit card and commercially sensitive information for resale to organised crime gangs and terrorists. When a data centre has been breached, the traditional forensic technique has been to take an image of each machine and analyse it for evidence. This process requires a skilled investigator, is very time-consuming and expensive, and is impractical for large numbers of machines.

The challenges set are how these businesses can accurately identify all the machines that have been compromised, quantify how much data has been stolen, identify the weakness in their security, and turn that information into actionable risk management decisions.

Our Solution & Expertise

SYS Consulting has considerable experience developing data-mining techniques. New techniques have been developed to allow an investigator to examine the network flow information to identify the machines which the criminal has compromised. These techniques provide the only mechanism to identify all the machines the attacker has been in contact with other than by manual inspection of every machine. The speed with which an investigation can be conducted is also increased.

Business Outcome

The techniques we have developed, along with our skills, provide the only cost-effective way to understand large-scale network activity over an extended time period.

The ability of a business to understand what has actually happened and respond to an incident in a timely and effective manner can be the difference between the business surviving or failing.

More Detail

For further information download the full Computer Network Forensics Case Study.