In case of hacking and cyber attacks react quickly
Prevention: Forensic Readiness
Every minute counts during an IT incident. The question of what to do in the event of a hacker attack should therefore not be asked for the first time when the emergency has already occurred. To react effectively and efficiently, structures, processes and decision trees need to be defined in advance. It is particularly important that the people involved in the company share a common understanding and that roles and decision-making authority are clearly assigned. Forensic readiness increases the responsiveness of the internal IT team: jointly developed and continuously practised guidelines, procedural instructions and processes prevent mistakes from being made at the decisive moment.
In addition to general advice, we provide you with concrete support in the form of individual workshops, the creation of training documents - adapted to your organisation - and a comprehensive final report with recommendations on how to proceed. By means of forensic readiness, you are thus in a position to react quickly to a cyber attack.
Detailed analyses: Forensic Investigations
The origin of every incident is a single compromised system, the so-called "patient zero". If this system is known, it can be examined in a forensic investigation. First, a 1:1 copy of the system's data carriers is created. All further work is carried out on this copy in order to preserve the chain of evidence.
Based on the copies of the data carriers, timelines are generated from file system information, local processes and existing log data. These timelines are then analysed by our IT forensic experts, who draw conclusions about the course of the incident.
Forensic investigations are crucial in the event of a hacking attack. By conducting a forensic investigation, you can determine the extent of the attack and how it was carried out. This information can help you take steps to prevent future attacks and protect your organisation's data.
Creation of a complete situation picture: Compromise Assessment
An incident rarely comes alone. In most cases, it is not limited to a single system, but can spread to large parts of the company's IT in a short time. Identifying the source is then no longer possible through manual work alone, so a Compromise Assessment is necessary. In this process, all active systems are analysed by specialised software that searches for fragments of malware and suspicious processes. Deleted files are also restored in order to find hidden indications of a possible compromise.
The results of the analysis phases are then collected centrally and correlated with each other to create a holistic situation picture of the systems affected by the incident. Based on this situation picture, further forensic investigations can be planned effectively and the cause of the incident can be determined.
The aim of a Compromise Assessment is thus to determine the extent of compromise, identify the resources affected and recommend corrective actions.
Independently of a concrete hacker attack, we also offer a comprehensive cybersecurity check that creates a detailed situation picture of your security level and thus reduces potential attackers' chances of success.