
Investigation - Digital Forensics

Determine intent of high risk activity

ObserveIT initiates forensic recording for high-risk activity, which makes it easy to watch exactly what users are doing and reduce investigations to minutes instead of months.

Digital Forensics: Key Capabilities

Video Recording of All User Activity

Records all user interface actions that occur when someone is accessing applications.

Generates Textual Audit Logs for Every App

All on-screen activity is transcribed into an easy-to-read list of exactly what the user did.

Advanced Keylogging of All On-Screen Activity

Records every key press, including keyboard shortcuts, auto-complete and the Windows clipboard.

Collects Irrefutable Forensic Evidence

Precise forensic evidence that shows visually exactly what the user did.

Document and Share Suspicious Sessions

Export entire recordings or selected slides to an HTML file, or the textual transcript to Excel.

One-click SIEM Integrations

Simple tie-in of insider threat intelligence for any SIEM (HP ArcSight, IBM QRadar, Splunk, etc.).

Forensic Recording


With ObserveIT's digital forensics, you can view live sessions as they unfold, monitor the user's actions as they are performed in real time, understand the user's intent, interact with users who are performing out-of-scope activity, and immediately lock sessions.


This information is crucial for real-time investigations of what is going on at any given moment. Because many security breaches are actually rolling events that evolve with time (rather than one-time incidents), having these recordings stored in an easy-to-use, searchable format also provides a valuable tool for forensic investigations, allowing security teams to perform data breach investigations spanning days, weeks and even months.


ObserveIT's unique capability to identify usage of shared accounts, which adds the ability to know exactly who has used these accounts, reduces confusion and eliminates a lot of the finger pointing that may be part of a regular forensic investigation. This way, if a user used the "administrator" or "root" account, for example, you know exactly who that user was.


Using ObserveIT's extensive search capabilities, security teams can perform detailed analysis of recorded user activities and link them together. For example, they can link a user trying to obtain administrative permissions, later running some probing commands against a server to see what shares are accessible, then using a remote control tool to obtain access to a remote server, and using PuTTY to connect to the remote server.


ObserveIT's key logger captures every key press and command that was typed by the user in the recorded sessions. When needed for forensic investigations, any portion of the recording is directly accessible via keyword search in the ObserveIT Web Console. You can jump directly to relevant portions of recordings by searching for particular activities based on text entries, launched programs, opened windows, system commands executed, and so on.


ObserveIT can be configured to digitally sign and encrypt all data (in transit and at rest), so it provides irrefutable forensic evidence that could be used for further inquiry and, if needed, legal action.
