Frequently Asked Questions
At Ornova, we solve complex problems in a digital world.
With expert focus on OSINT, cyber intelligence, and cybersecurity, we can help you to protect data, conduct online investigations, and strengthen critical infrastructures.
Here are some frequently asked questions about how we can help you.
About our services
OSINT (Open Source Intelligence) is the process of collecting and analyzing information from public and accessible sources on the internet. This includes social media, websites, forums, open databases (free or paid), data leaks...
At Ornova, we use OSINT to help you identify risks, investigate threats, verify information, and make informed decisions. This approach can be key to preventing fraud, screening profiles before hiring, improving your company’s online reputation, and strengthening your security strategy.
Anyone who needs accurate and verifiable information can request this service. This includes companies, law firms, private investigators, journalists, or individuals dealing with issues such as identity theft, fraud, or online threats.
We don't perform investigations out of the law.
Yes, as long as privacy laws are respected and only public and legal sources are used. It is not legal to disclose personal data obtained during an investigation.
At Ornova, all our investigations comply with current regulations, ensuring an ethical approach that respects Spanish and European legislation.
Our investigations are not just based on accessible data, but on strategic analysis that turns information into actionable insight. As experts in this field, we sometimes have access to databases that are not available to everyone. We deliver clear, reliable, and useful results tailored to your specific needs. Moreover, our commitment to ethics and confidentiality ensures that every case is handled with the highest level of professionalism.
Yes, we collaborate with journalists and media outlets to verify data, locate sources, and ensure the accuracy and truthfulness of the information published. Our expertise in OSINT allows us to provide fast and reliable results, always respecting journalistic ethics.
It is a service specifically designed for VIPs or public figures. This service is aimed at protecting your identity and personal data online, especially data that could easily reveal your location, personal phone number, etc. It includes the identification and removal of sensitive information from public sources, privacy configuration on social media, connected devices, and personalized advice to minimize your digital footprint.
es, we have advanced tools and digital analysis techniques to track potential online frauds or extortions. Our team investigates the source of the threats, collects evidence, and provides guidance on how to effectively resolve the issue.
It is important to note that in many cases, it may not be possible to identify the perpetrator of the fraud or extortion due to the use of third-party means obtained illegally to commit the crime.
What we can do is help your employees identify most types of fraud and protect themselves from them.
We can also gather the necessary evidence to file a report with as much information as possible.
To recover your account, we need proof that you are the legitimate owner, such as screenshots, emails related to the account, and a detailed description of the incident. Once this information is gathered, we work with you to regain access quickly and securely, always following the protocols of the affected platform.
The speed of action once the account theft is detected is key to its recovery.
The main issue with industrial networks is that many times there are devices installed that are outdated and not frequently updated. If these devices have known vulnerabilities, they become an entry point to the corporate network.
A cybersecurity audit for industrial networks assesses the security of your OT/IoT systems. It includes:
Vulnerability analysis in devices and networks.
Evaluation of security configurations.
Stress tests against cyberattacks (pentesting).
A detailed report with personalized recommendations to strengthen your critical infrastructure.
Yes, our audits also cover conventional networks. We analyze the current state of your systems, identify potential security flaws, and provide solutions to protect your network against unauthorized access or attacks.
We audit a wide range of IoT devices, including security cameras, industrial sensors, PLCs, SCADA, smart home devices, and systems connected in business environments. Our goal is to detect vulnerabilities and ensure these devices do not become entry points for attacks.
A Wi-Fi network audit evaluates the security of your wireless network to identify potential flaws or unauthorized access. It is essential to ensure the privacy of your data, protect connected devices, and prevent attacks that could compromise your corporate network.
From misconfigured networks, malicious networks impersonating your corporate Wi-Fi, outdated access points... A wireless network is one of the main failure points an experienced attacker will target.
Although identifying the exact source of an attack can be complicated due to techniques like the use of proxies and anonymous networks, we have advanced tools and methodologies to track patterns, locate possible origins, and collect useful evidence to mitigate future threats.
About our working methodology
Before starting any cybersecurity audit, we will meet with the client to assess specific needs, the scope of the audit, and agree on the "rules of engagement" that will govern the intervention.
In a cybersecurity audit, we follow a structured approach:
Initial analysis: We identify your needs and the objectives of the audit.
Information gathering: We review the configuration of your systems and networks, identifying attack vectors, accessible service versions, etc.
Analysis of known vulnerabilities: We conduct a vulnerability analysis to check if the system being audited is susceptible to known vulnerabilities. The audit may end here, with the corresponding report, or it may continue with step 4.
Pentesting: We conduct penetration tests and security assessments based on the previously agreed rules of engagement to attempt to breach the system through other means or to test the defensive team’s response capacity.
Report and recommendations: We provide you with a detailed report with our findings and suggested actions to mitigate risks.
Implementation and follow-up: If requested, we assist with implementing solutions and monitor the results.
The duration of a digital investigation depends on the complexity of the case. Simpler investigations can be completed in a few days, while more advanced cases, such as complex frauds or extortions, may take weeks. We always provide an estimated timeline at the beginning of the process and maintain constant communication to keep you updated on the progress.
To get started, we need:
A clear description of the problem or objectives.
Signing an NDA to protect both parties and ensure the privacy of shared information.
In the case of audits, account recovery cases, etc., a signed authorization from the client to carry out the necessary actions to complete the job.
Confirmation of payment for the service in advance.
Access to relevant systems, networks, or devices (in the case of audits).
Documentation or evidence, such as screenshots, suspicious emails, or details of compromised accounts.
Everything you share will be handled confidentially and securely.
We understand that confidentiality and trust with our clients are essential.
We sign confidentiality agreements (NDAs) with all our clients.
We implement strict security measures to protect the information you entrust to us, including data encryption, offline data storage, and limited access for our specialized team.
We never share information without your explicit consent.
- Contact us through our web form, email, or phone.
- We will analyze your situation and send you a personalized proposal. You will know the same day if we can help you.
- Once the proposal is accepted and the initial payment is made, we will begin the project according to the agreed plan.
- We will guide you throughout the entire process to ensure it is quick and easy.
Yes, we are available for critical emergencies at any time. If you face an urgent situation, such as a cyberattack or loss of control over social media accounts, our team can act immediately to minimize damage and resolve the issue.
In the event that no staff is available at that moment to handle the emergency, we would notify you right away.
We always provide a comprehensive and clear report. This includes:
The procedure followed and the sources consulted.
The findings obtained during the audit or investigation.
Specific recommendations to mitigate risks or resolve issues.
Steps to take in order to maintain security in the future.
Our goal is to ensure you have all the necessary information to make informed decisions.
Although we do our best to provide effective solutions, some cases may have external limitations.
If we are unable to resolve your issue, we will provide you with a report outlining all findings and suggestions for moving forward. Additionally, we will keep you informed about the progress and available alternatives.
We work under the premise of maximum effort and will not give up as long as there are options available.
Still considering if our services are what you need?
Tell us about your case, and you’ll know the same day if we can help.
Copyright © 2025. all rights reserved