Incident Response and Computer Forensics
An expert-generated response to cybersecurity
Organizations impacted by security incidents have a trusted partner in TrustedSec to determine the extent of the compromise and create actionable steps to keep the damage under control.
Our Incident Response team is focused on helping clients recover from Information Security events, while minimizing the impact of the event on the organization. Whether the incident is caused by a malicious insider, an external attacker, or the result of a large-scale breach, TrustedSec can provide Incident Response and Forensic Analysis services.
TrustedSec analysts are highly trained and experienced, having contributed to projects for the National Security Agency and U.S. Armed Forces for intelligence-related missions. Their professional experience spans the private and government sectors, and only private, top-level senior resources are used when performing any type of forensic analysis. TrustedSec’s experts are here to assist in any situation and respond to incidents as they happen.
TrustedSec consultants draw on a range of unique skills, experience, and technology to investigate each incident, contain the situation, eradicate the attacker, and remediate the environment. TrustedSec utilizes industry-standard, top-class hardware and software while performing Incident Response and Forensic activities to ensure quick and accurate results. The techniques used by TrustedSec are admissible in a court of law and ensure appropriate chain of custody and the highest standards of quality.
Our process
- Assess - Each investigation begins by gaining an understanding of the current situation. Approximately when did the incident take place? How was the issue detected? What individuals, departments, business units, and physical locations have been impacted? What forensic data has been collected? What Incident Response steps have been taken? What does the environment look like? Who are the main points of contact for incident communication?
- Define client objectives - The next step is to define objectives that are practical and achievable. The goals may be to identify if there has been any data loss, recover from the incident, identify the attack vector used, attribute the attack, or a combination of these examples.
- Investigate - TrustedSec Incident Response consultants collect information using forensically sound procedures and document evidence-handling with chain of custody procedures that are consistent with law enforcement standards.
- Determine containment and remediation plan - Remediation plans vary depending on the extent of the compromise, the size of the organization, the capabilities of the client infrastructure, and the tactics/objectives of the attacker. As part of an investigation, TrustedSec delivers a comprehensive containment and remediation plan and assists with the implementation.
- Provide direction - During each investigation, TrustedSec works closely with the client management team to establish a predetermined communication and reporting cadence. Detailed status reports will provide up-to-date incident tracking, communicate critical findings, and equip clients with the tools necessary to make the correct business decisions.
- Analyze - Based on the evidence that is available and the client’s objectives, TrustedSec utilizes forensic imaging, malware reversing, and log analysis techniques to determine the attack vector used, establish a timeline of incident activity, and identify the extent of the compromise.
- Reporting - TrustedSec provides a detailed investigative report at the end of every engagement that addresses the needs of multiple audiences including senior management, technical staff, third-party regulators, insurers, and litigators. The investigative reports will contain sections such as an executive summary, incident event timeline, critical incident findings, associated threat intelligence, and malware analysis.