Forensics | Trufflepig Forensics

IT forensics

Digital traces. Clear evidence.

If something has happened - we clarify what is important for you!

Whether data theft, sabotage, ransomware or internal incidents: Digital forensics provides reliable answers . Our specialists reconstruct what happened, how it could have happened - and who was involved. We secure digital evidence in such a way that it can be used in court can be used in court.

Typical questions:

Has an employee stolen confidential data?

How did the ransomware attack occur and what data was encrypted or exfiltrated?

Was a system deliberately manipulated or compromised?

When exactly did the access take place - and via which channels?

Our procedure: structured and court-proof.

Step 1

Fast initial recording & securing of evidence

We record the incident, clarify the legal framework and secure volatile and persistent data.

Step 2

Forensic analysis

Whether hard disk, server or memory: We analyze content, activities, metadata and traces - regardless of the system used.

Step 3

Report & presentation of results

You receive a court-proof, comprehensible report with all the findings and - if possible - a clear attribution of the perpetrator.

Your benefits with Trufflepig Forensics

Independent investigation with clear results

Our experts analyze incidents neutrally and based on facts - without assumptions, with comprehensible evidence.

Documentation for labor law or criminal proceedings

All results are documented in a legally secure manner and can be used in internal proceedings or in court.

Rapid intervention in acute incidents (incident response)

We respond immediately to ongoing or newly discovered attacks - including backup of volatile data and initial measures.

In-depth analysis - even for complex or veiled attacks

We also uncover hidden traces - e.g. in the event of targeted data leaks, internal perpetrators or veiled malware campaigns.

Comprehensible reports for management & lawyers

Our results are technically sound but clearly formulated - for confident decisions at all levels.

Specialty: Memory Forensics

An outstanding focus of Trufflepig Forensics is on memory forensics - the analysis of volatile random access memory (RAM), where traces are often found that have long since been deleted from data carriers.

Analysis of active malicious processes

Detection of encrypted or hidden tools

Tracing of data outflows in real time

Our experts have worked for authorities and investigative bodies among others - with the utmost discretion and technical depth.

Häufig gestellte Fragen (FAQ)

For whom is IT forensics relevant?

For companies, authorities or organizations that suspect or want to clarify an incident - e.g. data leakage, sabotage, insider suspicion or external attacks.

When should IT forensics be used?

Ideally, immediately after an incident - the earlier evidence is secured, the greater the chance of success.

Which systems can be investigated?

Windows, macOS, Linux, mobile devices, servers, cloud services - we analyze a wide range of infrastructures.

Can you analyze while the system is running?

Yes - in many cases, a discrete analysis is possible without shutting down systems or alerting employees prematurely.

What is the difference to IT security analysis?

Forensics is reactive - it investigates specific incidents. IT security analysis is preventative and looks for potential vulnerabilities.

Are the results usable in court?

Yes - our analyses follow the usual standards for usability in court.

Emergency?

+49 157 92500100

Attention: If your company is experiencing an emergency, such as an ongoing cyberattack, please call us directly. In such cases it's often a matter of minutes.

You can also directly book a free online consultation appointment online

Contact If you have questions about prevention or system security, feel free to call us or send us an email. +498441-4799976 kontakt@trufflepig-forensics.com