Aurenav LLC

Aurenav Digital Forensics and Incident Response is now serving the Swedish, Nordic and Baltic markets from the Aurenav offices located in Stockholm, Sweden. In addition to network security assessments and regulatory and compliance audits, Aurenav can also deliver Digital Forensics for computers, storage, network traffic, computer memory and smartphones. Available services include:

• Risk and Vulnerability Assessments
• Compliance Audits
• Penetration Testing
• Incident Response
• Advanced Data Recovery
• Digital Forensic Investigations
• Civil and Criminal Case Preparation
• Expert Testimony
• Proactive IT Security
• IT Security Training

The first step in managing risk is to conduct a threat assessment, which considers the full spectrum of threats (i.e., natural, criminal, malware, accidental, malfunction etc.) that are likely to impact your organization. Once the credible threats are identified, a vulnerability assessment is performed to evaluate the potential impact of loss from a network or computer failure, malware infection or unauthorized access or theft of data. The vulnerability assessment defines the level of loss and the impact that a vulnerability could cause an organization. These definitions take into account lost time, lost data, impact on reputation and the impact on being able to conduct business.

Risk analysis combines the impact of loss and the vulnerability rating to provide a means of quantifying a potential risk in terms of how long a critical business capability will be unable to perform and how much monetary loss a business will suffer.

Based on the findings from the risk analysis, the next step in the process is to identify steps that can be taken to reduce the risk of an incident occurring in the first place. Recommendations are provided that are designed to establish a minimum baseline based on industry standards with additional recommendations to cover threats that are specific to your business.

A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines, security polices, user access controls and risk management procedures. The focus of what is examined in a compliance audit will vary depending upon a number of factors such as whether an organization is a public or private company, what industry sector the organization is in, what kind of data it handles and if it transmits or stores sensitive financial data.

A penetration test, or pentest, is a method of evaluating the security of a computer system or network by simulating an attack. The advantage of a penetration testing is that it tests how well your firewalls, computers and network would handle a real attack.

Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). An incident response plan includes a policy that defines, in specific terms, what constitutes an incident, who is responsible and provides a step-by-step process that should be followed when an incident occurs. The goal is to handle the situation in consistent a way that limits damage and reduces recovery time and costs.

Data recovery is the process of salvaging data from damaged, failed, corrupted, or inaccessible storage media. The data being salvaged is typically located on storage media such as internal or external hard disk drives, solid-state drives (SSDs), USB flash drives, storage tapes, CDs, DVDs and other electronics. Recovery may be required due to physical damage to the storage device or logical damage to the file system that prevents it from being mounted by the host operating system.

Digital forensics is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law. Gathering evidence and reporting the findings of an investigation must follow strict guidelines based on forensic science principles and in most jurisdictions the investigators must by specially trained and certified. The goal of digital forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.

Digital forensic investigators typically follow a standard set of procedures: After physically isolating the computer or smartphone in question to make sure it cannot be accidentally contaminated, investigators make a digital copy of the hard drive or smartphone memory (both internal and SIM chip). Once the original hard drive or memory has been copied, typically using a write blocker copying device, it is locked in a safe or other secure storage facility to maintain its pristine condition. All investigation is done on the digital copy.

Digital forensic Investigators use a variety of techniques and proprietary forensic applications to examine the hard drive or smartphone memory copy, searching hidden folders and unallocated disk space for copies of malware, deleted, encrypted, or damaged files. Any evidence found on the digital copy is carefully documented in a "finding report" and verified with the original in preparation for legal proceedings that involve discovery, depositions, or actual litigation.

Digital forensics has become its own area of scientific expertise, with accompanying coursework and certification. Aurenav digital forensics investigators are highly trained and certified experts.