Gap Solutions

Every digital forensic investigation or cyber security effort is unique! Commercially available solutions enable the user to perform common workflows for particular industries, departments or applications. However, they fall short when addressing very specific needs such as highly custom workflows, fast proliferation of new applications or new technologies.

Tailored to Your Needs

Our Gap Solutions service provides the following benefits:

Priority feature implementation

With commercial tools you typically need to wait several months for a general version update and hope your particular feature request made it into the release. This is not the case with custom solutions. They are written with your timetable in mind.

Integration with existing tools

The primary goal of Gap Solutions is to integrate and/or expand the capabilities of existing solutions to resolve very specific needs in your environment. This may mean writing a simple plugin to parse new data sets or writing a standalone solution that automates the workflow between two independent solutions.

Innovate your forensic & cyber security efforts

Digital investigations and cyber security efforts are constantly challenged by the continuous shift in threats and data to be analyzed. Utilizing the Gap Solutions approach allows you to solve challenges specific to your needs and become proactive. This enables your organization to move closer to the “HMM3 Innovative” level within the Hunting Maturity Model.

Use Cases

Proprietary Data Structures

Proprietary data structures are constantly encountered during digital forensic or cyber security projects. Creating a custom parser for automation and repeatable processing of such proprietary data is a key element in proactively addressing such situations.

Cyber Security Toolbox

We designed and developed a cyber security framework that allowed the user to utilize open-source toolsets from a central management dashboard to remotely trigger evidence collection and processing of compromised hosts based on SIEM alerts. The solution integrated a commercial SIEM solution and robust enterprise collection technology with a host of open-source tools. All of this was orchestrated via a distributed network architecture developed by us to manage the workload for evidence collection, processing and storage.

Mobile Phone Applications

Our work with law enforcement agencies shows that mobile device forensics tools frequently lack support for new mobile applications. The tools may support earlier versions of a mobile app, yet app updates now render the current parsing of data useless. We have written several custom parsers for law enforcement efforts to parse mobile application data for new, semi-popular or unexpected applications.