THE ANALYSIS FOLLOWING AN INCIDENT
Have you been hit by a cyber-attack and need help clearing things up? Our team of experienced computer forensics experts can help you identify the cause, scope and perpetrator of the attack. We also advise you on communication issues and, if required, create regulatory or compliance-specific reports for you.
KEY QUESTIONS ABOUT INCIDENT INVESTIGATION
Our technical incident investigation focuses on answering the following questions:
- How did the attack happen? Which vulnerabilities were exploited?
- Which systems have been affected by the attack?
- What damage was caused and which data has been stolen?
- Who was the perpetrator?
- How can future attacks be prevented?
Our forensic investigation comprises six phases. The procedure is based on international standards and best practices such as those of SANS, NIST and the BSI (Bundesamt für Sicherheit in der Informationstechnik, the German Federal Office for Information Security). All phases and their results are documented. After the incident analysis has been completed, you will receive an extensive forensic report with recommendations on how to prevent future attacks. We also provide you with any regulatory notifications that might be required.
WHAT TO DO IN CASE OF AN EMERGENCY
LEAVE EVERYTHING UNCHANGED
Of course, the primary concern in most cases is to reduce the damage and to re-establish normal operation as soon as possible after a security incident. However, from a security point of view, the affected system should not simply be reinstalled straight away after every incident, because this often means that the cause of the incident remains unknown and the system is still vulnerable to new attacks. Changes to the system should therefore be avoided so as not to jeopardize the investigation of the cause.
RECORD EVERYTHING THAT HAS HAPPENED
Document what happened and when, and what you did. This information is extremely valuable for the work of our computer forensics team.