Nuix Launches Incident Response Solution

Rapidly Uncover the Cause, Scope, and Remediation Path for Data Breaches

Nuix, a technology company that enables people to make fact-based decisions from unstructured data, has launched Nuix Incident Response, an innovative investigative tool that rapidly delivers deep insights into the cause and scope of data breaches. It harnesses the Nuix Engine’s unique abilities to ingest data natively from hundreds of file types and data formats, adding built-in intelligence to guide incident responders toward the key evidence of internal or external breaches.“Organizations are losing the battle against data breaches—attackers typically compromise their targets within hours or days, but these attacks can take weeks to detect and months to resolve,” said Dr. Jim Kent, Global Head of Investigations & Security and CEO North America at Nuix. “Nuix Incident Response is a breakthrough technology that replaces complex manual processes with automation and intelligence to reduce the gap between detection and remediation, and thus minimize the damage suffered as a result of breaches.”

Nuix Incident Response builds on the Nuix Engine’s ability to ingest and analyze vast volumes of data from multiple sources with great speed and forensic depth. It adds:

•Context user interface. This powerful new visualization automatically filters, groups, and links items of interest to breach investigators. It is a fast and intuitive way take large numbers of items and allow the most interesting and relevant ones to float to the top.

•Volatile system and network information. Nuix’s Collection technologies can now gather live information including running processes, application handles and threads, services, drivers, network sessions, IP and MAC addresses, open ports, network routing tables, time zone, screen captures of running applications, and network traffic.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

•Log file, Logstash, and GeoIP Analysis. Nuix Incident Response adds to Nuix’s native ability to handle common log files by ingesting Logstash outputs. Incident responders can enrich the content of log files using Logstash filters such as the GeoIP filter to geo-locate IP addresses and generate item-count or heat maps.

•Fuzzy hashing. With SSDeep “fuzzy” hashes, Nuix Incident Response can identify near-duplicate executable files such as malware that modifies itself as it replicates over a network. The application can also import SSDeep hash lists to leverage third-party intelligence feeds, and export hashes of newly identified malware.

“With Nuix Incident Response, organizations can conduct post-breach autopsies across vast volumes of data from potentially thousands of endpoints, applying contextual intelligence and establishing links and relationships across the evidence” said Stuart Clarke, Director of Cybersecurity and Investigations at Nuix. “These are an essential capability if organizations are to contain external or insider breaches before they become highly damaging public events.”

Leave a Comment

Latest Videos

Digital Forensics News Round Up, February 28 2024 #digitalforensics #dfir

Forensic Focus 29th February 2024 4:58 pm

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles