Forensic

Digital Forensics

We provide digital forensic analysis services to investigate security incidents, reconstruct what happened, and determine the origin and scope of the events. Additionally, we analyze electronic evidence ensuring its preservation, traceability, and technical validity. We prepare solid and defensible expert reports for internal investigations, legal proceedings, or disciplinary actions.

We investigate your incidents

Our digital forensic analysis services allow you to clarify security incidents, identify the source of an attack, and understand exactly what has happened in your organization. We analyze electronic evidence and reconstruct the events to provide a clear and objective technical perspective.

We collect and analyze information from systems, devices, and local or cloud environments, ensuring the integrity, traceability, and preservation of digital evidence so that it can be used with complete reliability in internal investigations or legal proceedings.
Our specialists prepare solid technical and expert reports that help determine responsibilities, improve safety measures, and support decision-making in critical situations for the organization, which are also defended in court.
We apply best practices based on standards such as ISO/IEC 27037, ISO/IEC 27043, and UNE 197001, respecting the current legal framework on data protection and digital evidence, including the General Data Protection Regulation (GDPR) and the applicable procedural regulations.

Methodology

We identify, preserve, and analyze digital evidence from systems, devices, and cloud environments, applying forensic methodologies that ensure the integrity of the information, process traceability, and maintenance of the chain of custody.

We technically and chronologically reconstruct the events, correlating logs, communications, and user activities to determine the origin of the incident, its scope, and the actions taken by possible attackers or involved users.

We prepare solid technical and expert reports, clearly and structurally documenting the findings, with verifiable evidence and well-founded conclusions that can be used in internal investigations or legal proceedings.

Phases of a service

1
We analyze the incident, define the scope of the investigation, and establish the objectives of the analysis together with the client and the involved legal or security teams.
2
We determine which systems, accounts, devices, or platforms may contain relevant evidence, prioritizing those that allow the reconstruction of the investigated facts.
3
We acquire digital evidence through controlled procedures that ensure the integrity of the information and the proper chain of custody.
4
We examine emails, logs, configurations, and digital artifacts to identify suspicious activities, unauthorized access, or information tampering.
5
We document the findings in a structured way, including technical evidence, a timeline of events, and well-founded conclusions.
6
If necessary, our experts participate in judicial proceedings or internal investigations to explain and technically defend the conclusions of the analysis.

Types of projects

Forensic Analysis of a Physical Device (PC, Server, or Smartphone)

We perform forensic analysis on physical devices to identify relevant evidence related to security incidents, fraud, or misuse of systems. Using forensic acquisition techniques and specialized tools, we analyze disks, operating systems, activity logs, deleted files, and digital artifacts, ensuring the integrity of the information and the proper chain of custody at all times.

Intrusion analysis in cloud/online environment

We investigate security incidents that occur in cloud environments and online platforms, such as Microsoft 365, SaaS systems, or cloud-hosted infrastructures. We analyze activity logs, access records, configurations, and digital evidence to identify unauthorized access, attacker movements, and potential data leaks, accurately reconstructing the timeline of the incident.

Intrusion analysis in an in-house/local environment

We conduct forensic investigations on local infrastructures to determine how an intrusion occurred and which systems have been affected. We analyze system logs, network traffic, security configurations, and artifacts present on servers and workstations to identify attack vectors, lateral movements, and possible attacker persistence.

Forensic Analysis of 'Ransomware' Intrusion

We analyze ransomware incidents to determine the origin of the intrusion, the access vector used, and the actions taken by the attacker within the environment. Through the analysis of evidence in compromised systems, security logs, and malware artifacts, we reconstruct the chain of events of the attack and assess its impact on the organization.

Forensic Analysis of Invoice Manipulation Fraud

We investigate corporate fraud incidents related to invoice manipulation or Business Email Compromise (BEC) attacks. We analyze electronic communications, email headers, account access, and suspicious settings to determine if identity theft, unauthorized access, or communication tampering between suppliers and the organization has occurred.