Incident response & digital forensics
Cybersecurity incidents are increasingly common events with a usually devastating impact. In case of sophisticated ransomware, every operation of an organization can be disabled and the future of the company is at the mercy of the attackers. Incident response capability is something you probably want to develop as an in-house skill, to the highest possible level. We offer a range of products and services to help you reach the next level, wherever you are right now.
What is next level for your company?
Service options
Training
We offer 4-8 day training programs for our clients to train their applied experts to handle incidents. In this basic digital forensics and incident response (DFIR) training, they will learn how to perform initial steps to preserve as much evidence as possible until a more skilled investigator arrives. They will learn how to create memory images of compromised systems, forensic duplicate disks, identify who might be responsible for an attack, build an initial timeline, handle minor incidents without external help. We tailor the covered topics and depth of the training to the current knowledge of the participants. Our practical training also contains ready-to-use tools for incident management (mostly open source).
Playbooks
Once you have personnel who can understand the basic principles of incident management and apply the tools, we offer them ready-made playbooks to follow in specific situations. Using these will significantly speed up the defense in an incident situation, as problems can get out of hand mainly due to a lack of headspace. These playbooks detail how to respond to each type of incident, how to collect evidence, contain the attackers and deploy countermeasures. It is possible to tailor these playbooks to the organisation according to our clients' needs.
Incident handling
We provide all the help we can to ensure that our clients have the incident management capabilities in-house, but we provide incident response service in the form of a subscription. In the event of an incident, we start an investigation as soon as possible. We will look at the scope of the problem, dig into the artifacts, review the indicators of compromise and at the end of the investigation, we will provide a detailed report with recommendations for changes to security processes and technology. This service can be of particular interest to organisations with a CDC or SOC.
Our methods and work standards
Why choose us
Detailed situation assessment, understanding the context of the analysis
Rapid investigation - we give our clients tangible results very quickly
Our clients will also receive the results of the deep analysis later
We make suggestions to avoid future incidents, we follow-up incidents as needed
We are integrated in the international academic network of mad scientists and IT security communities
What you get
Educational, transparent and detailed report to upgrade your security posture
Professional excellence, customer oriented attitude
Follow-up, support, training and consulting as requested
We have real professional knowledge and industry experience
All our results are delivered with business usability in mind
Copyright 2023 Ukatemi Technologies Plc.