As digital forensic specialists, AccessData incident responders are uniquely equipped to reconstruct a security event and trace an exploit back to its origin. Once we’ve detected an incident, exposed the exploit and payload, and identified all compromised nodes, we begin correlating attack vector artifacts and the initial indicators of the incident. We create a timeline using this analysis and ultimately determine where “patient zero” resides in your enterprise, as well as the source of the compromise.
The visibility we have into host and network data once we deploy our technology allows us to very quickly pinpoint all compromised assets. Deeper analysis of these assets and their ongoing network communications will reveal the delivery mechanism of the exploit, whether it’s email, removable media, physical access, an external website or network services. Timeline mapping of incident artifacts and their proliferation among the identified machines will allow us to uncover “patient zero” and confirm the original source of the compromise.
Using our technology makes this process much more efficient: although we are able to correlate log data and other enterprise intelligence, we are not reliant upon that data to perform the above analysis.