Prevention: Forensic Readiness
Every minute counts during an IT incident. To respond effectively and efficiently, structures, processes and decision trees need to be defined in advance. A shared understanding among the people involved in the company, a clear distribution of roles and clearly assigned decision-making authority are particularly important. Forensic readiness increases the responsiveness of the internal IT team: jointly developed and continuously practiced guidelines, procedural instructions and processes prevent mistakes at the decisive moment.
In addition to general consulting, we provide you with concrete support in the form of individual workshops, the creation of training materials tailored to your organization, and a comprehensive final report with recommendations on how to proceed.
Detailed analyses: Forensic Investigations
The origin of every incident is a single compromised system, the so-called "Patient Zero". If this system is known, it can be examined in a forensic investigation. First, a 1:1 (bit-for-bit) copy of the system's storage media is created. All further work is performed on this copy so that the chain of evidence is preserved.
Based on the copies of the storage media, timelines are generated from file system metadata, local process information and existing log data. Our specialists then analyze these timelines and draw conclusions about the course of the incident.
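The two steps just described, checking that the working copy matches the acquired media before any analysis and merging file system timestamps, process start times and log entries into one ordered timeline, as an added Python example. This is illustrative code, not the company's tooling: the image bytes, file records, process list and log lines are constructed for the example, and a real investigation would read them from the image and the exported artefacts.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

# --- Step 1: working copy and chain of evidence --------------------------
# Constructed stand-in for a disk image. In practice the hash of the original
# media is recorded at acquisition time and every copy is checked against it.
ORIGINAL_IMAGE = b"\x00" * 64 + b"sample-boot-sector" + b"\xff" * 64
WORKING_COPY = bytes(ORIGINAL_IMAGE)  # the 1:1 copy all analysis is done on


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_copy(original: bytes, copy: bytes) -> bool:
    """A working copy is only trustworthy if its hash matches the original's."""
    return sha256_hex(original) == sha256_hex(copy)


# --- Step 2: one timeline from file system, processes and logs -----------
def parse_ts(ts: str) -> datetime:
    # ISO-8601 with trailing "Z"; Python < 3.11 rejects "Z", so normalise it
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


@dataclass
class Event:
    time: datetime
    source: str        # "filesystem", "process" or "log"
    description: str


# Constructed file system metadata, as a forensic tool would export it
FS_RECORDS = [
    {"path": "C:/Users/alice/Downloads/invoice.docm",
     "created": "2024-03-04T08:10:12Z", "modified": "2024-03-04T08:10:12Z",
     "accessed": "2024-03-04T08:11:30Z"},
    {"path": "C:/Windows/Temp/upd.exe",
     "created": "2024-03-04T08:11:45Z", "modified": "2024-03-04T08:11:45Z",
     "accessed": "2024-03-04T08:11:50Z"},
]

# Constructed process list with start times and parent process ids
PROC_RECORDS = [
    {"name": "WINWORD.EXE", "pid": 2210, "ppid": 1020, "started": "2024-03-04T08:11:28Z"},
    {"name": "upd.exe", "pid": 2388, "ppid": 2210, "started": "2024-03-04T08:11:50Z"},
]

# Constructed log lines: "<timestamp> <host> <message>"
LOG_LINES = [
    "2024-03-04T08:11:52Z host1 firewall: outbound 10.0.0.23:49155 -> 203.0.113.7:443 allowed",
    "2024-03-04T08:09:58Z host1 mail: attachment invoice.docm delivered to alice",
]


def build_timeline(fs_records, proc_records, log_lines):
    """Merge the three evidence sources into a single list sorted by time."""
    events = []
    for rec in fs_records:
        for attr in ("created", "modified", "accessed"):
            events.append(Event(parse_ts(rec[attr]), "filesystem",
                                f"{attr} {rec['path']}"))
    for rec in proc_records:
        events.append(Event(parse_ts(rec["started"]), "process",
                            f"start {rec['name']} pid={rec['pid']} ppid={rec['ppid']}"))
    for line in log_lines:
        ts, rest = line.split(" ", 1)
        events.append(Event(parse_ts(ts), "log", rest))
    # sort() is stable, so events with equal timestamps keep insertion order
    events.sort(key=lambda e: e.time)
    return events


def render(events):
    return [f"{e.time.isoformat()}  {e.source:<10}  {e.description}" for e in events]


if __name__ == "__main__":
    if not verify_copy(ORIGINAL_IMAGE, WORKING_COPY):
        raise SystemExit("working copy does not match original image; stop here")
    for line in render(build_timeline(FS_RECORDS, PROC_RECORDS, LOG_LINES)):
        print(line)
```

Reading the merged output top to bottom shows why the three sources are combined rather than examined separately: the mail log explains where the document came from, the file system records when it was opened, the process list shows which program wrote the new executable, and the firewall log dates its first outbound connection. Each source alone leaves gaps that the others fill.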
Creation of a complete situation picture: Compromise Assessment
An incident rarely comes alone: in most cases it is not limited to a single system but can spread to large parts of the company's IT within a short time. Identifying the source is then no longer possible with manual work alone, so a Compromise Assessment is necessary. In this process, all active systems are analyzed by specialized software that searches for fragments of malware and suspicious processes. Deleted files are also recovered to find hidden clues to a possible compromise.
The results of the analysis phases are then collected centrally and correlated with each other, producing a holistic picture of the situation across all systems affected by the incident. Based on this situation picture, further forensic investigations can be planned effectively and the cause of the incident can be determined.