DFIR
The DFIR Group of Tinexta Defence is a Threat Response Unit specialising in digital forensics and incident response. It supports businesses and public administrations in managing security incidents and producing digital evidence with probative value.
The Group's activities combine multidisciplinary expertise and are structured into four main areas:
- Incident response: rapid intervention capabilities to contain, eradicate and mitigate incidents, thereby reducing operational impact.
- ‘Consulenze Tecniche d’Ufficio’ (CTU) and ‘di Parte’ (CTP): forensic analyses that comply with the best practices for the chain of custody and that support judicial contexts.
- Forensic readiness: proactive preparation of processes, technologies and standards to ensure that the collected data is accurate, integral and verifiable.
- Research and innovation: experimentation with advanced technologies such as eBPF, kernel telemetry, AI for anomaly detection and container forensics, in order to anticipate threats and develop next-generation tools.
As a Threat Response Unit, the DFIR Group's work extends beyond post-event investigation to include collaboration with Security Operations Centres (SOCs) and organisations in the areas of proactive detection, threat hunting and cyber crisis management.
The Group’s mission is to enhance the security and resilience of critical infrastructures and information systems by combining scientific rigour, technological innovation and operational capability to support digital defence and judicial processes.
Threat Analysis
The Digital Forensics business unit mainly operates in litigation, criminal, civil and arbitration proceedings, as well as in cases involving fraud, corruption and intellectual property disputes.
In this context, forensic readiness is becoming increasingly important. It is a preventive service that enables organisations to effectively and legally collect, store and analyse digital evidence.
The DFIR team consists of technicians who are experts in cyber incident response and forensic evidence acquisition. The team operates within a computer forensics laboratory equipped with the latest market-leading technologies, enabling cases to be handled in accordance with data acquisition, crystallisation and storage procedures.
Activities
- Management of cyber incidents following forensic procedures
- Expert consulting in response to judicial authority initiatives
- Support in disputes related to the design and implementation of hardware and software systems
- Documentary support for law firms in civil and criminal cases
- Assessment of information systems’ exposure to risk on the internet
- Specialised consulting to support brand protection
- PC and smartphone malware remediation
- Support for safeguarding know-how and preventing corporate data loss
- Assistance in cases of corporate infidelity and termination of employment
Tools
- Cellebrite UFED
- Intella
- Axiom
- X-Ways
- Falcon