The Forensic Lab was established in 2018 for the forensic investigation of digital evidence. It supports the incident handling unit as a reactive service after an incident occurs, providing forensic support on the evidence involved in the incident. The Digital Forensic team is also capable of recovering and investigating material found in digital devices, including mobile devices, PCs, drones, and any IoT or computational devices. Another objective of the CIRT Lab is to build the capacity of students and government officials who are keenly interested in cyber security and digital forensics.
- Helps the incident handling unit as a reactive service after an incident occurs by providing forensic support on evidence.
- Builds the capacity of students and government officials in cyber security
- Criminal prosecutors – Rely on evidence obtained from a computer to prosecute suspects and use it as evidence
- Civil litigation – Personal and business data discovered on a computer can be used in fraud, harassment or discrimination cases
- Financial organizations – Evidence discovered on a computer can be used to mollify costs
- Law enforcement officials – Rely on computer forensics to back up search warrants and post-seizure handling
CIRT Lab Capabilities:
- Computer Forensic – Can be used to recover important data, deleted logs, and evidence of criminal activity that was deleted intentionally
- Mobile Forensic – Forensic investigation of mobile devices to detect any criminal activities performed on them
- Network Forensic – Monitoring and analysis of computer network traffic for the purposes of gathering information on network anomalies, legal evidence, or intrusion detection.
The service workflow is as follows:
- Evidence Detection
- Evidence Acquisition
- Evidence Analysis/Examination
- Documenting and Reporting
- Providing a monthly threat intelligence report based on network forensics and feed data