Computer Access Use Case: Cellebrite Inspector Simplifies the Search for Indicators of Compromise at International Bank
How Cellebrite Inspector was Used to Analyze Large Data Sets
Web shells are commonly used in cyber-attacks and can have a variety of malicious purposes. They can also be difficult to detect. When one of the largest banks in the world received a notification from their Endpoint Detection and Response (EDR) solution indicating there was a possible web shell attack, it became a priority to determine if any systems were compromised. In order to maintain availability, the potentially compromised systems had to be analyzed quickly and thoroughly.
Four systems were identified as potentially compromised. All data stored on the systems had to be reviewed. While there are many forensic tools available, Cellebrite Inspector was chosen for this analysis for its ability to process a number of large data sets. An index of all the data was created in a single Cellebrite Inspector case file. Index searches were then performed to confirm no indicators of the specific compromise suspected were on any of the systems.
Cellebrite Inspector made the entire process easy. All investigative activity was tagged, automatically building the incident report. The interface is intuitive, making the searching, filtering, and pivoting extremely easy for the user. The results of the analysis provided compelling proof that there was no compromise.
The interface is extremely intuitive, making the searching, filtering, and pivoting very easy. – Forensic Analyst
- The Endpoint Detection and Response (EDR) solution notified there was a potential web shell attack.
- In order to prevent a disruption of service, the data on four systems possibly impacted by the attack had to be quickly examined to confirm there was no compromise.
- Cellebrite Inspector was used to collate and index the data into one case file.
- Index searching was performed across the entire data set. The results provided compelling proof there was no compromise.
Cellebrite Inspector’s intuitive interface made the entire process quick and easy.
Cellebrite Inspector indexing and index search features were used to confirm no systems were compromised.
An Endpoint Detection and Response (EDR) solution indicated there was a possible web shell attack. Cellebrite Inspector was used to quickly confirm no systems were compromised.
One of the largest banks in the world used Cellebrite Inspector to quickly analyze data on possibly compromised systems.
A single Cellebrite Inspector case file was used to process all systems suspected of compromise.