IT forensics
Digital traces. Clear evidence.
If something has happened - we clarify what is important for you!
Whether data theft, sabotage, ransomware or internal incidents: Digital forensics provides reliable answers . Our specialists reconstruct what happened, how it could have happened - and who was involved. We secure digital evidence in such a way that it can be used in court can be used in court.Typical questions:
Our procedure: structured and court-proof.
Fast initial recording & securing of evidence
Forensic analysis
Report & presentation of results
Your benefits with Trufflepig Forensics
Independent investigation with clear results
Our experts analyze incidents neutrally and based on facts - without assumptions, with comprehensible evidence.
Documentation for labor law or criminal proceedings
All results are documented in a legally secure manner and can be used in internal proceedings or in court.
Rapid intervention in acute incidents (incident response)
We respond immediately to ongoing or newly discovered attacks - including backup of volatile data and initial measures.
In-depth analysis - even for complex or veiled attacks
We also uncover hidden traces - e.g. in the event of targeted data leaks, internal perpetrators or veiled malware campaigns.
Comprehensible reports for management & lawyers
Our results are technically sound but clearly formulated - for confident decisions at all levels.
Specialty: Memory Forensics
An outstanding focus of Trufflepig Forensics is on memory forensics - the analysis of volatile random access memory (RAM), where traces are often found that have long since been deleted from data carriers.Analysis of active malicious processes
Detection of encrypted or hidden tools
Tracing of data outflows in real time
Häufig gestellte Fragen (FAQ)
For whom is IT forensics relevant?
For companies, authorities or organizations that suspect or want to clarify an incident - e.g. data leakage, sabotage, insider suspicion or external attacks.
When should IT forensics be used?
Ideally, immediately after an incident - the earlier evidence is secured, the greater the chance of success.
Which systems can be investigated?
Windows, macOS, Linux, mobile devices, servers, cloud services - we analyze a wide range of infrastructures.
Can you analyze while the system is running?
Yes - in many cases, a discrete analysis is possible without shutting down systems or alerting employees prematurely.
What is the difference to IT security analysis?
Forensics is reactive - it investigates specific incidents. IT security analysis is preventative and looks for potential vulnerabilities.
Are the results usable in court?
Yes - our analyses follow the usual standards for usability in court.
Emergency?
+49 157 92500100Switzerland
Selected Certifications
