Product
it forensics

Be able to react quickly in the event of hacking attacks

What to do in case of a successful hacker attack? Our IT Forensic department offers a group of reactive services that you can call upon at short notice in the event of a K-case. In the event of a wide range of incidents, our experts support you with a triangle of prevention, detailed analyses and situation reports.

+49 201 5454 1337

For questions or potential hazards
Our services for reliable support in case of emergency

Every minute counts during an IT incident. To be able to respond effectively and efficiently, structures, processes and decision trees need to be defined in advance. A common understanding of the people involved in the company and a clear distribution of roles and decision-making competencies are particularly important. Forensic readiness increases the responsiveness of the internal IT team: jointly developed and continuously practiced guidelines, procedural instructions and processes prevent mistakes from being made at the decisive moment.

In addition to general consulting, we provide you with concrete support in the form of individual workshops, the creation of training materials tailored to your organization, and a comprehensive final report with recommendations on how to proceed.


The origin of every incident is a single compromised system, the so-called "Patient Zero". If this system is known, it can be examined as part of an analysis called forensic investigations. First, a 1:1 copy of the system's data media is created. All further work is performed on this copy to obtain the chain of evidence.

Based on the copies of the data carriers, timelines are generated from information of the file system, local processes and existing log data. These timelines are then analyzed by our specialists and conclusions are drawn about the course of the incident.


An incident rarely comes alone. In most cases, it is rarely limited to a single system, but can spread to large parts of the company's IT in a short time. Identifying the source is no longer possible with manual work alone, so a Compromise Assessment is necessary. In this process, all active systems are analyzed by special software, which searches for fragments of malware and suspicious processes. In this procedure, deleted files are also restored to find hidden clues to a possible compromise.

The results of the analysis phases are then collected centrally, correlated with each other and a holistic picture of the situation of the systems affected by the incident is created. Based on this situation picture, further forensic investigations can be effectively planned and the cause of the incident can be determined.


Contact request
Do you have any questions about IT Forensics?
Do you have any questions about IT Forensics?

Send us an inquiry via the contact form. We are happy to help.

Seite 1
I accept the privacy policy of secunet Security Networks AG (https://www.secunet.com/en/data-protection).