Cyber Black Box™ - recover from hacking attacks faster and better

If you’ve been hacked, an effective investigation and clean-up is essential. Cyber Black Box™ assists investigators do their job better with forensic data and logs, helping prevent repeat incidents and keeping remediation costs low.

Just as the flight recorder “black box” helps aviation investigators, the Cyber Black Box assists digital forensics investigators in piecing together the events leading up to a cyber incident.

A faster and more accurate resolution means better business outcomes – faster remediation, fewer repeat attacks, and even smoother cyber insurance claims.


Cyber Black Box™

  • After a hacking incident, investigations can be difficult or inconclusive without the right evidence.
  • Forensic evidence is often unavailable because it was intentionally deleted or never captured in the first place.
  • If the root vulnerability goes unidentified, it can be exploited again, resulting in repeat hacks.
  • Delays in the investigation can hold up cyber insurance claims.


Cyber Black Box™

  • Investigations are faster and more accurate because a wide range of forensic information is captured by the black box.
  • Evidence is further replicated to the system backups, and shielded from attack by CryptoSafeGuard.
  • Helps investigators identify the root vulnerability so it can be remediated, helping prevent future attacks.
  • All aspects of the recovery are made smoother.

What's in it for you ?

Now that hacking and ransomware are primary threat to business operations, everyone must prepare for the unexpected.

Prepare for the unexpected.

No one ever thinks they’re going to get hacked. But for most people, by the time it happens, it’s already too late.

Just as an airplane’s black box recorder helps improve aviation safety, the Cyber Black Box improves your cyber safety…

In order to determine the cause of a disaster, forensic data must be available to investigators. Such data must be collected prior to the disaster – otherwise it’s too late.

Cyber Black Box collects forensics data pre-emptively, meaning you’re effectively prepared for the unexpected.

Helps complete investigations faster

The right forensic evidence helps investigators piece together what happened and find the root vulnerability of the attack.

Less chance of repeat incidents

Finding the root vulnerability means the correct remediation can be applied, lowering the chance of a repeat incident.

Assists with the cyber- insurance process

A faster investigation means that insurance claims can be assessed quicker, and the cost of the investigation is lowered.

How is Cyber Black Box™ different ?

This is brand new technology, launched in December 2020, by Cortex Cyber.

"And because it's new, there's nothing else quite like it."
Perfect for small to medium enterprises
Cyber Black Box is budget friendly because it comes bundled with BackupAssist backup software.
No extra software or hardware required
Cyber Black Box is lightweight.

It requires no maintenance.
Completely
transparent
Cyber Black Box works entirely in the background, silently collecting logs and data.
Developed from advice from law enforcement
Cyber Black Box was inspired by stories of frustration from cybercrime investigators.

How does Cyber Black Box™ WORK ?

It logs important activities, silently in the background
The Cyber Black Box records vital forensic data – such as network connections, processes, and disks – which would otherwise be lost. It’s like an airplane black box recorder, but for Windows machines.
It packages the black box data into the backups
Cyber Black Box data is included with local and cloud backups, providing resilience to data loss.
Current and historical information are available to investigators
The most current black box data is available on the machine itself, while historical copies are available in the backups.

How can I get it ?

Cyber Black Box is included in our product suite:

BackupAssist Classic
Available in BackupAssist Classic v11 (Dec 2020) with an active BackupCare subscription.
BackupAssist ER
Coming in early 2021, available for free with a BackupAssist ER subscription.
Our different types of backups will help you fulfil your goals.

Frequently Asked Questions

Because backups are the perfect place to put them!

When forensic investigators try to piece together a timeline of events, they need to see how system activities change over time. That means understanding historic activities, such as network connections, registry and disk activity and setup.

But by the time an investigator is called to deal with an incident, it’s already too late – the investigator might be able to get the current state of the machine, but not what happened in the past. Further, most likely the hacker has already wiped the evidence.

What investigators need the most is a historical record of key pieces of information – just like a black box flight recorder does on airplanes. Backups are designed to keep old versions of data, even if the current version is destroyed.

Recording and putting the information in the backups will:

  1. Enable easy retrieval of historic forensic information that goes back days, weeks and months
  2. Preserve the forensic information even if the current system is hacked into and disabled.
  1. Basic system and software version info
  2. Detailed system info via WMI (including storage, features, hotfixes, drivers)
  3. Disks and volumes – critical volumes, partitions information
  4. Network connections and activity – current connections, port listeners, routing table, network statistics
  5. Process list
  6. Volume Shadow Storage details – providers, snapshots, volumes, writers and writer states.

Simply, we’re the best. 🙂

But more seriously, our mission is to safeguard our clients’ future though cyber-resilience. That means solving your business problems, not just your technology problems. 

If you get hacked and suffer losses, that’s a business problem. BackupAssist solves this in two ways: 

  1. giving you system recovery options to get running again, and 
  2. capturing forensic information to assist you when lodging a cyber insurance claim, 

And of course, providing these features at a compelling price point. 

The Cyber Black Box is another great example of how we’ve been at the forefront of backup and disaster recovery technology for the SME market. 

BackupAssist Classic is sold under a modular pricing model, which means you can purchase exactly what’s right for you. 

  • Backup & Recovery only – purchase a BackupAssist Classic license.
  • Backup & Recovery with Cyber-Resilience – simply add a BackupCare subscription on top of your license.

BackupCare provides you with ongoing cyber-resilience features such as Cyber Black Box and CryptoSafeGuard. As the cyber landscape is constantly changing, the BackupCare subscription enables you to stay up to date.