AccessData to Unveil Version 2 of Its CIRT Platform at Black Hat USA 2012

AccessData Group, the largest digital forensics technology company in the U.S. by revenue, today announced that it will introduce Version 2 of its Cyber Intelligence & Response Technology (CIRT 2) security platform at Black Hat USA 2012, July 21-26 in Las Vegas. CIRT is expected to have a major impact on enterprise IT security by delivering network forensics, computer forensics, large-scale data auditing, malware analysis and remediation capabilities in a single product. CIRT 2 enables incident responders and information assurance teams to view all critical data through a single pane of glass. It introduces Cerberus, the first integrated malware analysis and triage technology of its kind; in addition, CIRT 2 introduces removable media monitoring and now integrates with third-party alerting and security management platforms to allow CIRT to respond automatically when alerts are triggered…

Black Hat USA is the premier conference on Information Security (IS) in the U.S. The event brings together IS thought leaders from the corporate and government sectors, academia and even underground researchers, in highly technical sessions designed to share knowledge and insights. AccessData is a Silver Sponsor of Black Hat USA 2012.

In the age of advanced exploits such as Flame and Stuxnet, reliance on signature-based tools and data leakage prevention products is not enough, claims Jason Mical, director of network forensics at AccessData. “IDS, DLP and other tools of this kind don’t catch intrusions or leaked data unless you tell them specifically what to look for,” stated Mical.

CIRT is a total security framework that gives users the power to detect the unknown, greatly enhancing their ability to protect information assets from both internal and external threats. By correlating network and host data within a single interface, it allows security personnel to be unusually proactive in how they detect, analyze and remediate security breaches and data leakage.

The inclusion of AccessData’s Cerberus malware triage technology into the CIRT 2 platform achieves an even higher level of effectiveness. Cerberus allows first and second responders to automatically triage malware, determining behavior and intent without waiting for a specialized malware team. Its two-stage protocol quickly tallies a “threat score” approximating how dangerous a binary might be, followed by much more complex disassembly analysis that gives incident responders actionable intelligence without waiting for sandbox analysis.

“Today, when an organization discovers it has been compromised, it is often by accident and usually long after widespread damage has occurred,” noted Mical. “CIRT is designed to provide 360-degree visibility into what is happening across your enterprise to speed detection, root cause analysis and thorough remediation.”



Key features of CIRT 2 include the following:

Correlate network and host analysis to quickly determine root cause and more effectively chase down advanced exploits and data spillage.
Identify and triage suspected malware, determining behavior and intent without the sandbox or reliance on signature-based tools.
Perform proactive and reactive enterprise audits to identify data spillage, such as personally identifiable information, payment card information or classified documents.
Play back security incidents in real-time to gain a better understanding of an exploit or data spill.
Build threat profiles and monitor to prevent incident recurrence.
Continuously monitor the network and information assets, including removable devices, on or off the organization’s network.
Perform batch remediation.

July 26th Briefings

In addition to its demonstrations of CIRT 2 from its Black Hat exhibit at Booth 534, AccessData will conduct mini-briefings on Thursday, July 26th in the Octavius conference area’s Verona meeting room. One attendee at each briefing will win a high-end laptop.

Times for the mini-briefings will be 8:15-8:35 am; 11:15-11:35 am; 1:00-1:20 pm; and 4:30-4:50 pm.

About AccessData Group:

AccessData Group has pioneered digital investigations and litigation support for 25 years. Its family of stand-alone and enterprise-class solutions, including FTK, SilentRunner, Summation and the CIRT security framework, enables digital investigations of any kind, including computer forensics, incident response, e-discovery, legal review and compliance auditing. More than 130,000 users in law enforcement, government agencies, corporations and law firms worldwide rely on AccessData software solutions and its premier digital investigation and hosted review services. AccessData is also a leading provider of digital forensics and litigation support training and certification. www.accessdata.com.

Contacts

SS|PR
Steve Fiore, 847-415-9329
[email protected]
