Investigation of information security incidents (forensics)

About the service

Investigation of information security incidents (forensics) is a service that gives you a complete picture of an information security incident that has occurred in an organization: how information was hacked or leaked, which information systems were hacked, and what tools the attackers used. Most importantly, it shows how to prevent a similar situation from recurring in the future.

An information security incident is any action committed in the customer's network or information system that is not permitted or is unacceptable under the information security policy. Investigating information security incidents is relevant for any business, since a successful investigation helps to minimize the negative economic consequences of such incidents (leakage of confidential information, data spoofing, damage to reputation, etc.).

The investigation involves complex data collection and analysis. Forensics covers the technical side: examination of computers, server systems, networks and storage media.

What you get

  •     Reconstruction of the chronology of events in the incident.
  •     Identification of the tools used.
  •     Collection of an evidence base for the incident.
  •     Identification of the source of the incident (internal or external intruder).
  •     Evaluation of the scale of the actions taken.
  •     Evaluation of possible consequences and recommendations for protection.

Why Conduct an Incident Investigation?

An investigation of an information security incident identifies the culprit and the reasons for their actions, establishes the consequences of the incident for the organization, and develops a strategy to eliminate those consequences. Depending on the causes of the incident and the scale of the consequences, software, hardware and organizational measures are determined to prevent a similar incident in the future. An important point is that the information obtained during the investigation is used to develop a set of measures to prevent information security incidents.

How we work

  1.     We sign a non-disclosure agreement.
  2.     We request preliminary information about the incident, the organization and its employees.
  3.     We agree on an action plan, conclude an agreement and get to work.
  4.     We study the consequences of the incident and collect the necessary data.
  5.     We provide a detailed report on the work done.

Who is the service suitable for?

You need this service if:

  •     You want to know how your system was hacked, who is to blame and what the consequences are.
  •     You want to know what information was compromised or stolen and on what scale.
  •     You want to protect your assets and information systems from future information security incidents.