Software products

INCI

The software for automated acquisition of live data and internal memory (RAM) without access to an administrator's account.

Problem Description
A majority of today's advanced attacks leave no digital traces on a computer's hard drive. They are called file-less attacks. But, the malicious code still hides and executes from the internal memory (RAM). Therefore, an incident investigator that only focuses on analysis of hard drives and log files will miss important information.

When there is a suspicion of intrusion on a computer, it is important to act quickly. To get the best possible investigation data, it is important to "freeze the moment" to keep volatile data intact. It is also important to be able to quickly stop an ongoing intrusion. Many people have probably experienced that it might take some time to get technical help when a computer acts strange. Getting help is especially difficult when working remotely, as the computer must continue to be connected to the Internet in order for an IT technician to be able to connect, troubleshoot and manually acquire evidence. However, a computer's internal memory changes rapidly and digital tracks risk to disappear very fast. In addition, it is not recommended to give an attacker more time to read classified information or to start attacking other assets connected to the same computer network.

Solution
Using INCI, a non-privileged user can stop an ongoing attack and start securing evidence from the internal memory. The acquisition starts automatically after a double-click on a desktop icon or by pressing a shortcut using the keyboard. During incidents where the attacker remotely controls the mouse pointer, it is important to have a second alternative to the mouse clicks.

Summary
The product...

  • ... is easy to use and automates the acquisition of a computer's internal memory (RAM) together with other important live data.
  • ... includes features for automatically stopping an attack and ongoing network communication with an attacker.
  • ... is started by double-clicking a desktop icon or pressing a configurable shortcut on the keyboard.
  • ... does not require the user to have local administrator privileges.
  • ... unburdens and saves time for your IT support and operations technicians.
  • ... is compatible with all versions of Windows 10 from 1903 (18362).
  • ... installs quickly and easily using an MSI package.
  • ... uses only app. 500 kB of internal memory in standby mode.
  • ... provides the best possible basic conditions for an incident investigation / memory forensic analysis.
  • ... is developed by a Digital Forensic Specialist at Dingard AB.

Price
A business license costs EUR 790 ex. VAT per year and can be installed on any number of computers within the organization. Only one business license is required per corporate registration number, i.e., a subsidiary needs a business license of its own.

DEMO
Please, contact us if you have any questions and/or want a 20 minutes demo of the product.

Video clip in Swedish