Incident response & digital forensics

With our support, our clients can handle cyber attacks and recover from cyber security incidents. We provide situation assessment, incident response planning, technical assistance, evidence collection for later forensics analysis, advanced malware analysis, post-incident analysis and evaluation of the client’s incident response capabilities. Our digital forensics service focuses on exploring facts, vectors, history and impact of an attack therefore supporting the efficient conduct of internal and external investigations.

What to consider

Dimensions

Affected environment

IT environment attack methods: phishing attacks, attacks on services available on the internet via the network (website, mobile application), denial of service. OT environment attack methods: activities that occur in an industrial environment, also exist here and are cumulatively damaging (such as information leakage, interference with industrial processes, denial of service).

Digital forensics

We provide this for every platform: windows, linux, mac, mobile devices, IoT devices, network devices. We examine logs from the network, EDR, webserver, firewall logs, perimeter security system logs, IDS / IPS logs, SIEM logs, operating system event logs, etc. Wealso provide DISC forensics / File system forensics, memory forensics and email forensics.

Attribution of the incident

The first question is whether there is a pattern that can be linked to known attacker organizations or it was a stray malware attack, but of course we will investigate incidents from random malware exposure and targeted attacks too. In case the attack is state-sponsored, it is typically a very sophisticated, complex, long-lasting incident that focuses on a specific (OT) company.