Incident response & digital forensics

Cybersecurity incidents are increasingly common events with a usually devastating impact. In case of sophisticated ransomware, every operation of an organization can be disabled and the future of the company is at the mercy of the attackers. Incident response capability is something you probably want to develop as an in-house skill, to the highest possible level. We offer a range of products and services to help you reach the next level, wherever you are right now.

What is next level for your company?

Service options


We offer 4-8 day training programs for our clients to train their applied experts to handle incidents. In this basic digital forensics and incident response (DFIR) training, they will learn how to perform initial steps to preserve as much evidence as possible until a more skilled investigator arrives. They will learn how to create memory images of compromised systems, forensic duplicate disks, identify who might be responsible for an attack, build an initial timeline, handle minor incidents without external help. We tailor the covered topics and depth of the training to the current knowledge of the participants. Our practical training also contains ready-to-use tools for incident management (mostly open source).


Once you have personnel who can understand the basic principles of incident management and apply the tools, we offer them ready-made playbooks to follow in specific situations. Using these will significantly speed up the defense in an incident situation, as problems can get out of hand mainly due to a lack of headspace. These playbooks detail how to respond to each type of incident, how to collect evidence, contain the attackers and deploy countermeasures. It is possible to tailor these playbooks to the organisation according to our clients' needs.

Incident handling

We provide all the help we can to ensure that our clients have the incident management capabilities in-house, but we provide incident response service in the form of a subscription. In the event of an incident, we start an investigation as soon as possible. We will look at the scope of the problem, dig into the artifacts, review the indicators of compromise and at the end of the investigation, we will provide a detailed report with recommendations for changes to security processes and technology. This service can be of particular interest to organisations with a CDC or SOC.




Our methods and work standards

Why choose us

Detailed situation assessment, understanding the context of the analysis

Rapid investigation - we give our clients tangible results very quickly

Our clients will also receive the results of the deep analysis later

We make suggestions to avoid future incidents, we follow-up incidents as needed

We are integrated in the international academic network of mad scientists and IT security communities

What you get

Educational, transparent and detailed report to upgrade your security posture

Professional excellence, customer oriented attitude

Follow-up, support, training and consulting as requested

We have real professional knowledge and industry experience

All our results are delivered with business usability in mind