Digital forensics
Evidence Preservation and Analysis
How does it work?
Reconstructing the attacker’s steps and actions provides the knowledge needed to prevent similar attacks from happening again and, if necessary, to provide evidence before the law. Zerum Lynx analyzes the raw network data involved in the incident, enabling cybersecurity teams to know where the attack came from, how it penetrated and how it acted.
Network forensics with speed and accuracy
Zerum Lynx™ enables agile, in-depth forensic investigations based on network traffic. With an intuitive interface and optimized architecture, it is possible to identify, reconstruct and extract digital evidence in a few seconds, without the need for agents on the devices.

Continuous packet capture with automated extraction
All network communication is recorded in real time with forensic precision. Files, credentials, commands and transmitted objects are automatically extracted from captured packets, allowing retroactive analysis and reconstruction of events with total clarity.

Complete visibility from L2 to L7
The solution analyzes the full content of packets (full packet capture), not just the flow metadata. This guarantees a granular view of network interactions, revealing protocols, applications, errors and suspicious activity at any layer.

More benefits
Decryption embedded in dedicated hardware
With support for real-time decryption directly on the hardware, Lynx™ offers visibility of encrypted traffic with high performance, without impacting capture or compromising the integrity of evidence.

Chain of custody preserved with digital signature
The evidence captured, such as files and packets, is stored with complete metadata. Optionally, it can be digitally signed in accordance with ICP-Brasil, guaranteeing legal validity.

Post-mortem investigation with precise reconstruction of incidents
Lynx™ enables detailed forensic analysis after an incident has occurred, making it possible to reconstruct the timeline, identify the techniques used and understand the attack vector precisely. By preserving raw data and recording every network interaction, the solution provides the necessary inputs to extract lessons learned, improve defenses and, when necessary, support legal actions with consistent technical evidence.

Questions and answers
In addition to the information security team, areas such as legal, compliance, internal audit, IT and executive management can benefit directly. Forensics provides concrete data that helps in decision-making, holding third parties accountable, proving compliance or investigating suspicious behavior.
Yes, as long as it respects the chain of custody – in other words, the complete and uninterrupted documentation of all the stages in the handling of the evidence. This includes the date and time of collection, those responsible for each stage, the tools used and the integrity of the data, which is generally guaranteed by hash and digital signature.
Incident response is the process of containment, eradication and recovery after a security event. Digital forensics, on the other hand, is an investigative stage, often carried out in parallel or afterwards, focused on understanding the technical and contextual details of the incident and producing structured evidence. Both are complementary, but have different purposes.
Among the most common types are: deleted files and emails, system logs, network records (such as PCAPs), file metadata, browsing history, stored credentials, and data from authentication systems. These elements, when well preserved, are key to accurately reconstructing the incident.
Whenever there is a suspicion of a security incident, data breach, internal fraud or any event that could compromise the integrity or confidentiality of information. Forensic analysis helps identify what happened, how it happened, who was responsible and what the real impact was, as well as providing actionable evidence.
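The chain-of-custody record described in the answers above (date and time, responsible person, tool used, integrity by hash and signature), as an added example that is not part of the original page or of the Zerum Lynx product: each handling stage stores the evidence hash, is linked to the previous stage and is sealed. The HMAC is a stand-in for a real digital signature (for example one made with an ICP-Brasil certificate); the function names, key, handlers and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample data: stand-in bytes for a capture file and a demo key.
EVIDENCE = b"\xd4\xc3\xb2\xa1" + b"constructed-sample-capture"
KEY = b"demo-key-assumption-not-for-production"
GENESIS = "0" * 64  # prev_seal value of the first custody entry

def _seal(body, key):
    """MAC over canonical JSON; stand-in for a certificate-based signature."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def add_entry(log, evidence, handler, tool, action, key, when=None):
    """Append one custody stage, linked to the seal of the previous stage."""
    entry = {
        "seq": len(log),
        "utc": (when or datetime.now(timezone.utc)).isoformat(),
        "handler": handler,
        "tool": tool,
        "action": action,
        "evidence_sha256": hashlib.sha256(evidence).hexdigest(),
        "prev_seal": log[-1]["seal"] if log else GENESIS,
    }
    entry["seal"] = _seal(entry, key)  # computed before "seal" is added
    log.append(entry)
    return entry

def verify(log, evidence, key):
    """Return a list of problems; an empty list means the record is intact."""
    problems, prev = [], GENESIS
    digest = hashlib.sha256(evidence).hexdigest()
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "seal"}
        seal = str(e.get("seal", ""))
        if not hmac.compare_digest(_seal(body, key), seal):
            problems.append(f"entry {i}: seal mismatch (record altered)")
        if e.get("seq") != i or e.get("prev_seal") != prev:
            problems.append(f"entry {i}: chain broken (stage missing or reordered)")
        if e.get("evidence_sha256") != digest:
            problems.append(f"entry {i}: evidence hash differs from file")
        prev = seal
    return problems
```

Removing the most recent entry leaves a shorter but still valid chain, so the latest seal should also be recorded somewhere outside the log.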