Incident Response with Guidance Software

 

 

The client suspected that an intrusion had occurred on a Web server located within their network’s DMZ. They called a Big Four services firm to investigate the issue, and this firm used EnCase Forensic as its tool. Because of the manual nature of EnCase Forensic, the firm focused on only 30 of the company’s 2,000 servers. After three weeks of work, nothing had been produced, and the client was told it would be impossible to learn how the hack had occurred or the true extent of the attack.

At that point, Guidance Software Professional Services were called in. We deployed our EnCase Enterprise agent to all 2,000 servers. Within two weeks, we understood how the hackers had gained access, what they had done and the number of machines compromised.