The term "IT forensics" (also known as computer forensics) refers to the analysis and investigation of security incidents or unclear circumstances in the field of information technology. Typical examples are hacker attacks on critical IT systems or data leakage by internal offenders. Forensic analyses are not only appropriate for specific security incidents but can also help resolve general cases of suspicion.

For many companies it is not economically viable to build up and maintain internal IT forensics knowledge and personnel. Other companies may have such a team in place, but in an emergency they lack sufficient resources or the specific knowledge required to handle the incident. For specific security incidents as well as in cases of suspicion, our company supports you in all the required activities:

Detection and investigation

Our team works for you to secure possible crime scenes, identify instrumentalities and collect evidence. By meticulously collecting all the case-relevant data and information on the underlying conditions, it is possible to create a complete picture of events and of the parties potentially involved in the security incident. With appropriate hardware and software, the current state of IT systems can be secured in its entirety and without any changes, which makes a detailed analysis possible. We focus on concluding all evidence-preserving measures swiftly so that the affected systems can return to productive operation as quickly as possible. Even when illegal or unauthorized activities are still underway, it is possible to secure evidence and investigate the events with appropriate analysis tools. In such cases we can also provide advice on incident reduction and monitoring through technical ad hoc measures, or on communication with prosecution authorities.


The preservation of evidence is followed by an analysis that is aligned with the contract objectives.

As an example, this can include forensic analyses in the following areas:
  • Data carriers and system images   
  • Recorded network traffic (for a detailed description see "network analysis")
  • Log files
  • User data like documents, emails or media files

Through precise analysis of the secured evidence, a security incident can be investigated in detail. What happened? What was the sequence of events? Which individuals are possibly involved? Which systems and files are affected (data leakage, manipulation of information, etc.)?


Any information collected during a forensics operation is documented and evaluated by the team in. If required, a presentation of the results is prepared and tailored to the respective target group. If you would like to involve prosecution authorities and courts, we will work together with these institutions during the incident investigation and transfer our knowledge.

Strategic and process-based handling of security incidents

In addition to urgent security incidents, SCHUTZWERK can also advise you on the respective strategic aspects and the introduction of Incident Response Management.