Cyanre Hardware & Software
As market leaders in Africa in Digital Forensics and Incident Response, Cyanre has over the last thirteen years identified leading products to effectively conduct Digital Forensic investigations and Incident Response services.
Cyanre provides these products and training in required fields to our clients in South Africa and across Africa.
Write Blocking devices
A critical aspect of digital forensics is the ability to collect forensically sound duplicate copies of evidence. This is achieved primarily by making use of write blocking devices.
Tableau offers a wide range of imaging and blocking devices. The most advanced of the range is the TD3, which is unique among forensic imaging tools.
There are forensic imaging tools and then there is the Tableau TD3 Forensic Imager. The TD3 is truly one of a kind. At its core TD3 is a high performance, reliable, and easy to use forensic duplicator – with a high resolution, touch screen User Interface (UI). Today, TD3 is capable of forensic data collection from SATA, IDE, USB 3.0/2.0/1.1, SAS, and FireWire (1394A/B) drives. No other forensic duplicator available today matches TD3 for its unique combination of performance, packaging, forensic capabilities, and usage models.
TD3 supports collecting data in a forensically sound (a.k.a. “write-blocked”) manner. SATA, USB 3.0, USB 2.0/1.1, and FireWire devices connect directly to TD3 using the appropriate port. IDE and SAS devices can be imaged through TDPX5 (IDE) and TDPX6 (SAS) expansion modules. The FireWire write blocker on TD3 allows for convenient imaging of Mac™ systems booted in “target disk mode” – without the hassle of hard drive removal.
With the complex challenges that digital investigators face during mobile investigations, Cellebrite continues to innovate around the ever-evolving technology.
The result is industry-leading, award-winning mobile forensics solution components. With unparalleled data extraction and analysis capabilities optimized for both lab and field personnel, Cellebrite’s unified workflow allows examiners, investigators and first responders to collect, protect and act decisively on mobile data with the speed and accuracy a situation demands – without ever compromising one for the other.
UFED Touch 2:
UFED Touch2 reliably and intuitively extends full logical, physical and file system extraction capabilities where they are needed most – in the field or lab.
The benefits of the UFED Touch 2 include:
- In-depth physical, file system, password and logical extractions of evidentiary data.
- Unmatched support for the widest ranges of leading mobile devices and operating systems.
- Proprietary technology and boot loaders ensure forensically sound extractions.
- Complete field-ready kit offers compact tip connectors with four master cables for extraction and charging during usage.
- High-resolution, multi-touch, intuitive touch-screen display.
- Frequent software updates ensure ongoing compatibility with all new phones introduced to the market.
- Available in both standard and ruggedized editions.
Other Cellebrite products include:
Cellebrite’s UFED CHINEX solution enables the logical and physical extraction of evidentiary data and passwords from phones manufactured with Chinese chipsets – MTK and Spreadtrum.
UFED Analytics Desktop:
Allows an authorized investigator to rapidly explore various investigative paths or theories by opening multiple views of links and maps in one session.
UFED 4PC provides users with advanced capabilities to perform data extraction, decoding and analysis from the widest range of mobile devices, on a single platform.
Cyanre First Responder Kits
Collecting evidence promptly and accurately is a foundational element for any digital forensic analysis. It is often required of digital forensic practitioners to travel or reach a scene in haste, either via road or air transport. It is therefore an essential requirement that equipment must be practical, compact, robust and extremely mobile.
This is why Cyanre developed the CyLab First Responder Kit which will allow a digital forensic investigator to manage a scene properly and securely collect any type of digital evidence.
The Cyanre Lab Kit consists of the following:
- 1x Pelican 1560 Case
- 1x Vantec Hard Drive Dock
- 1x Mini Wireless Keyboard
- 1x Ultrakit III + TD3 + FireWire
- 1x Foam lining for Pelican case
- 1x Precision Screwdriver Set
- 1x Canon Camera
- 1x Transcend 4GB SD Card
EnCase® Forensic is the global standard in digital investigation technology for forensic practitioners who need to conduct efficient, forensically-sound data collection and investigations using a repeatable and defensible process.
EnCase’s objective: Empower examiners with the highest efficiency, power, and results. First to market and still best in class, the proven, powerful, and court-accepted EnCase® Forensic solution lets you:
- Rapidly acquire data from the widest variety of devices
- Unearth potential evidence with disk-level forensic analysis
- Produce comprehensive reports on your findings
- Maintain the integrity of your evidence in a format the courts have come to trust
Nuix offers a wide range of components ranging from Investigator Workstations, Investigator Reviewers, Investigator Labs, E-Discovery Workstation, E-Discovery Reviewers and many more.
Investigations frequently involve large numbers of devices including multiple computers, mobile devices and a variety of digital storage media, as well as difficult-to-access corporate data formats and storage systems.
Nuix’s advanced electronic investigation technology is engineered to triage, process, analyze and bring to the surface critical evidence bridging entire data sets, regardless of the geographical location, repository, file type or size. In addition, Nuix can automatically identify key intelligence items such as email addresses and phone, social security and credit card numbers.
Nuix Investigator Workstation can scale to meet the most demanding case loads. The patented Nuix Engine delivers near-linear scalability—simply add processors to index more data faster.
With Nuix Investigator Workstation, you can search and correlate across all available data quickly and efficiently. It gives you the power to test hypotheses, follow evidence trails and find links between suspects and information.
Speed and efficiency
Search and analyze data across multiple sources and large volumes with unmatched speed, and pre-filter evidence to focus on the most likely sources.
Empower case investigators
Place powerful search and analysis capabilities in the hands of case investigators, with minimal training required, and reduce the workload on digital forensics specialists.
Bring intelligence to the surface quickly
Automatically identify crucial intelligence and correlate these data points to show connections across multiple sources and investigations.
License as many processors as you need to meet your case size and timeframe requirements.
FTK (AccessData Forensic Toolkit)
Forensic Toolkit® (FTK®): Recognized around the World as the Standard in Computer Forensics Software
FTK is a court-accepted digital investigations platform built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so filtering and searching is faster than with any other product. This means you can zero in on the relevant evidence quickly, dramatically increasing your analysis speed. The database-driven, enterprise-class architecture allows you to handle massive data sets, as it provides stability and processing speeds not possible with other tools. Furthermore, because of this architecture, FTK can be upgraded easily to expand distributed processing and incorporate web-based case management and collaborative analysis.
NOW INCLUDED IN FTK® 6…
Data Visualization for Automated Graphical Timeline Construction and Social Analysis
Automated graphical timeline construction and analysis of social relationships… two of the most essential but time consuming tasks during an examination.
Explicit Image Detection (EID)
EID is NOT just detecting flesh tones. It will analyse shape and orientation as well.
- Invaluable for anybody dealing with CP cases
- Zero in on illicit images in minutes
MPE+ Essential allows users to perform full iOS® and Android™ device examinations. It operates as a full MPE+ license for 30 days after license activation, with access to all features and devices. After this time, you can purchase MPE+ or continue with MPE+ Essential.
Add Cerberus Malware Triage & Analysis to Forensic Toolkit, and gain actionable intelligence prior to engaging a malware team.
Cerberus is the malware analysis component of AccessData’s integrated incident response platform, CIRT (Cyber Intelligence & Response Technology). This module is available as an add-on to FTK. The first step towards automated reverse engineering, Cerberus allows you to determine the behaviour and intent of suspect binaries, giving you actionable intelligence without having to wait for a malware team to perform deeper, more time consuming analysis.
Fidelis Cybersecurity offers a comprehensive portfolio of products, services and expertise to combat today’s sophisticated advanced threats and prevent data theft and breaches. Our commercial enterprise and government customers around the globe can face advanced threats with confidence through use of our Network Defense and Forensics Services, delivered by a team of security professionals with decades of hands-on experience, and our award-winning Fidelis XPS Advanced Threat Defense products, which provide visibility and control over the entire threat lifecycle.
Breaches are inevitable, losing data is not. Digital Guardian for Data Loss Prevention (DLP) gives you everything you need – the deepest visibility, the fine-grained control and the industry’s broadest data loss protection coverage – to stop sensitive data from getting out of your organization. Digital Guardian’s combination of Endpoint and Network technologies allows organizations to protect all critical and confidential assets, while users are both on and off the corporate network.
Key Benefits of Digital Guardian
- Control all data with content and context-aware data loss prevention.
- Enforce data loss prevention policies across all egress channels.
- Stop data loss – without impacting productivity.
- Dial-in advanced classification of data on endpoints.
- Get granular control of all data movement to devices.
- Extend your data loss protection with Digital Guardian add-on modules.
Summation® is the only all-inclusive, web-based legal review platform that provides teams with a single tool for managing all post-collection stages of e-discovery. Powered by trusted FTK® processing technology, Summation combines processing, review and case organization into a single product for the most cost-effective, accelerated e-discovery possible. And because Summation utilizes a single shared, forensically secure backend database, data never has to move throughout the e-discovery process, reducing risk of data loss and spoliation.
Some of Summation’s capabilities that empower you are:
- End-to-end e-discovery platform offering data processing, ECA, and final review in one.
- Near native and word boundary redaction allows you to redact first, then image only the smaller redacted set of documents.
- Transcript support with RealTime™
- Integrated case organizer functionality facilitates case collaboration, helping teams easily chronicle, organize and search important facts, relevant events, key testimony, questions and summaries as they prepare for trial.
- Browser Briefcase feature enables secure web-based access to your case from anywhere, even when you’re offline.
- Advanced case data filtering with hundreds of unique facets.
FireEye cyber security products combat today’s advanced persistent threats (APTs). As an integral piece of an Adaptive Defense strategy, our state-of-the-art network security offerings protect against cyber-attacks that bypass traditional signature-based tools such as antivirus software, next-generation firewalls, and sandbox tools.
Some of the FireEye products include the following tools:
- AX – The FireEye® AX series is a group of forensic analysis platforms that give security analysts hands-on control over powerful auto-configured test environments to safely execute and inspect advanced malware, zero-day, and advanced persistent threat (APT) attacks embedded in Web pages, email attachments, and files.
- EX – The FireEye® EX series secures against advanced email attacks. As part of the FireEye Threat Prevention Platform, the FireEye EX uses signature-less technology to analyse every email attachment and successfully quarantine spear-phishing emails used in advanced targeted attacks.
- FX – The FireEye® FX series is a group of threat prevention platforms that protect content against attacks originating in a wide range of file types. Web mail, online file transfer tools, the cloud, and portable file storage devices can introduce malware that can spread to file shares. The FireEye FX platform analyses network file shares to detect and quarantine malware brought in by employees and others that bypass next-generation firewalls, IPS, AV, and gateways.
- HX – The Endpoint Threat Prevention Platform detects, analyses and resolves security incidents on the endpoints.
- NX – The FireEye® Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol call-backs to help organizations scale their advanced threat defences across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats.
Cybercriminals use the Web as a primary threat vector to deliver zero-day exploits and malicious URLs in email and exfiltrate data. FireEye Network is designed to stop drive-by downloads and blended Web and email attacks. In addition, FireEye Network offers a defence against infections that take place outside the network.
RSA Business-Driven Security™ solutions help customers comprehensively and rapidly link security incidents with business context, enabling them to respond effectively and protect what matters most.
With its innovative Security Framework, StarLink is also recognized as a “Trusted Security Advisor” to over 2200 enterprise and government customers that use one or more of StarLink’s best-of-breed and market-leading technologies, sold through its Channel network of over 770 Partners.
The StarLink Solution Lifecycle helps Channel Partners differentiate offerings, and assists customers to identify key risks and define priorities for addressing IT Security gaps relating to compliance and next-generation threat protection.
Some of the StarLink products include the following tools:
- LogRhythm – LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.
Detect, prioritize and neutralize cyber threats that penetrate the perimeter or originate from within with:
- Next-Gen SIEM – Unified platform for advanced detection & response
- Security Analytics – Holistic threat analytics & compliance automation
- Log Management – Centralized visibility into all log and machine data, at any scale
- Network Forensics – Real-time deep packet analytics and full capture
- Endpoint Monitoring – Real-time user, file application and system behavior monitoring