Incident investigation and forensics
Our capabilities and responsibilities
During a computer security incident response and investigation, we perform the following actions:
- Conduct a technical analysis of large amounts of structured and unstructured data, including user activity data and alerts, to uncover anomalies.
- Discern obscure patterns and attributes to produce investigative leads, identify indicators of compromise, and uncover loss causing events.
- Lead highly sensitive, complex, and confidential threat investigations into technology misuse, incidents of data loss and intellectual property theft, conflict of interest, counterintelligence concerns, and security policy violations.
- Review data to assist with security inquiries and loss prevention efforts. Compile analysis results into high-level reports to support the stakeholders’ decision-making, and assist in creating detection and mitigation strategies.
- Provide timely notice of imminent or hostile intentions or activities that may impact the objectives of your organization, resources, or capabilities.
- Create new tools, tactics, and procedures (TTPs) to identify insiders. Provide proactive identification of new collection methodologies. Brief security team members on emerging threats to support the continued improvement of the customer’s Threat Management Program.
- Build threat models to quantify the security risks against known adversarial and malicious behaviours and campaigns.
- Complete risk assessments, communication campaigns, post-incident follow-ups, and any special analytical projects according to the customer’s objectives.
- Collect and preserve evidence admissible in court.
Check out our additional services and business cases. Submit the form below to request an incident investigation. Get a free consultation.
Business cases of projects we completed
Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases