Express Confirmation

CryptoForensics’ Express Confirmation offering is a proactive forensic investigation for merchants and service providers that allows clients to determine whether a system shows evidence of compromise or whether credit card numbers or sensitive authentication data reside on the drive in clear text. PCI requirements mandate that clients follow implementation guidelines when using point-of-sale systems and software. Often, the guidelines are not followed, and mistakes can be made when handling the credit card data.

Our proprietary Express Confirmation will help a client determine whether a system may have been compromised, and if so, what sensitive data may have been exposed. CryptoForensics will obtain an image of volatile memory and disks from the client and analyze them using forensic software. The software used leverages both signature-based malware analysis and heuristic analysis to provide the most comprehensive results.

Our team also performs extensive pattern matching to find credit card numbers on the drive or in memory. All hits are exported and then evaluated for validity using proprietary methods and tools. Our lab examiners will perform off-site forensic tests to ensure clients are aware of key potential threats that may already be in their environments. While there is no guarantee that all malware will be found, there is the assurance that current signatures of malware used in recent breaches will be included in the testing.

The objective here is to concisely identify indicators that systems may be infected with malware. To that end, CryptoForensics will:

  • Use industry-leading tools to identify known malware signatures through hash analysis
  • Perform additional checks with heuristic malware identification tools
  • Conduct extensive pattern searches to identify any valid types of cardholder data

Our Comprehensive Suite of Solutions and Services...


Today, most enterprises try to deal with cybersecurity threats by focusing inward: conducting vulnerability assessments, making detailed network maps, and in some cases, deploying robust patch management processes to continuously monitor their networks and systems. While this approach provides some benefits, it is ineffective against many cyber threats. Most corporate networks are so large and complex that it's simply too difficult to identify all of their assets, or all of their vulnerabilities, and patch them fast enough. Today's cyber wrongdoers are sophisticated, well-funded, and patient, and they use a wide range of techniques to penetrate even well-protected enterprises...