Cyber Security Incident Response incorporates several disciplines, including Digital Forensics, Incident Response/Breach remediation, and Information Security Management. We offer our clients complete remediation services so that incidents are responded to efficiently and quickly. Our professional staff have the experience to provide a thorough analysis, including Penetration Testing and Forensic Analysis.
Incident Response Readiness
It’s important for organizations to have policies and procedures in place to handle any Cyber Security incidents. Having the procedures well defined, tested, and reviewed at least yearly will help make any cyber event that occurs less stressful and more organized. Including detailed information, such as the contacts needed to escalate a situation, helps you respond to any attack or event, including ones that involve legal, IT, and your insurance company.
We will work with your staff and management to review your level of preparedness, assuring that any incident is handled competently with the right resources. As part of this process, we can help design the Incident Response Plan for your company, including internal information, security management policies, and procedures.
Initial Incident Response
Our clients rely on our team to respond quickly to any confirmed or potential breach, as well as system compromises or cyber security incidents. Our team is often called with little to no notice for investigations, suspected breaches, or security incidents. Even so, we provide direction and care throughout the process of containing, removing, and recovering from the incident. Protection of the system images is critical for the forensic analysis that will help determine how the breach occurred, which systems were affected, and whether data may have been taken from the system.
Forensic Investigation & Data Analysis
We have the tools to provide a detailed analysis of evidence relevant to the incident in question, confirming that the responses are effective, recovery efforts are operative, and strategic processes are implemented to prevent recurrence. We will provide reports explaining a timeline of the events that led to the incident, including an executive summary and recommendations on how to address the vulnerabilities found in systems or processes that led to the incident.
Retrieving Obscured Files
Do not expect to find user information sitting in the default folder or location for any given file or folder. Analyzing the entire hard disk is required to locate the unencrypted log and history files available during a forensic analysis. This could produce some false positives, so additional reviews are often required.
Hidden and Inaccessible Files and Folders
System users often protect information by assigning special file attributes and/or permissions to prevent unauthorized access. Hidden files and folders are common these days and will be presented and highlighted by every forensic analysis tool in existence. Most forensic analysis tools can bypass security attributes and permission control management (but not encryption) set by the file system.
Attempts to destroy digital evidence are common. Such attempts can be successful depending on the actions taken, the time available to destroy evidence, and the type of storage device in use (magnetic hard drive, flash memory card, or SSD).
Important evidence often ends up in the recycle bin. This is especially true for Windows PCs. Therefore, analyzing the recycle bin can often retrieve deleted files.
File carving is the forensic practice of reassembling files from raw data fragments when no filesystem metadata is available. It is a common procedure when performing data recovery after a storage device failure, for instance. It may also be performed on a core memory dump as part of a debugging procedure. Carving is essential when looking for destroyed evidence or data. Traditional hard drives may store bits of deleted data (or even entire files) for a long time after the file has been deleted. Sometimes even formatting the disk several times still leaves information that was originally stored on the disk.
Recovery & Remediation
Our consultants can work with your staff, if required, to remediate and recover from the incident. This can be as simple as isolating and rebuilding a single workstation, or as extensive as rebuilding a complete server infrastructure. We will assign a team or qualified professional best suited to your requirements.