When computer systems were compromised, a custom script allowed tier one personnel to remotely triage the system and collect digital evidence and indicators of compromise. This reduced the tier three caseload by 75% by screening out false positives, and reduced the need to take systems offline, limiting work stoppage.
Forensic Lab Creation and Deployment
As project lead, DJPaA proposed, budgeted and deployed the hardware, software, policies and procedures needed to create a state-of-the-art forensic lab for computer and mobile device forensics and malware analysis. This resulted in a significant increase in the processing speed of sensitive data. A workshop was also created to develop custom analytical methods to further improve processing times.
Automated Malware Analysis
DJPaA served as project lead on an effort to eliminate manual examination of malware, creating an integrated system that ingests malware in bulk and analyzes it for capabilities and origin. The need for manual analysis was reduced to less than 5%.
Policy and Procedure Creation
We designed and deployed a company’s first IT Operations Policies and Procedures, and trained all employees on the new systems. This eliminated repetitive actions and established daily standardization.
We created a system to provide documentation of, and accountability for, system changes. Changes were made during scheduled maintenance windows, allowing for uninterrupted workflow, and preliminary testing reduced the maintenance hours required.
Hard Drive Development Policy
DJPaA created a golden image (master copy) of the standard software to be deployed, significantly decreasing the man-hours required to deploy a computer system. Hardware failures were immediately resolved by inserting a new drive from inventory. Previously used computers had new hard drives installed to avoid overwriting potential forensic evidence. Potential legal evidence was preserved by requiring that material subject to eDiscovery arising from employee termination not be destroyed.
Standardized Evidence Processing
As project lead, DJPaA created a system to process, implement and report evidence. Automation allowed multiple investigators to begin the standardized processing and then review the resulting output. Multiple cases can now be processed automatically.
DJPaA configured and deployed a self-service password reset tool, allowing system users to reset their passwords without administrator assistance. This eliminated work stoppage for remote employees working after normal hours, when administrative assistance was not available.