our forensic investigation services
Security Incident Response Services
We provide investigative and advisory services in the aftermath of a security incident. This typically involves a combination of evidence protection, forensically sound investigation to determine how the breach occurred and if possible identify who may be responsible.
We can arrange for 24 hour response to provide on-the-spot advice on how best to deal with a breach at the point of discovery.
Sometimes clients wish to find out how a security event occurred, hoping to understand the infrastructure vulnerabilities or the weaknesses in process which led to a breach in order that they can mitigate future risk. Whilst these cases do not typically reach court, they draw upon the same unique skill-set of the forensic investigator and can support any subsequent legal proceedings.
Our methodology is as follows:-
1. Incident Identification & Assessment
This involves onsite investigation of the suspected systems to determine if a compromise has occurred. Careful attention is given to protection of potential future evidence chains and all examination of systems is done using non-intrusive methods where feasible. Where the customer has no existing incident response policies and procedures we will provide a severity assessment and create an incident log.
2. Recovery of Evidence
We use certified imaging equipment to take a forensically sound image of any disks on affected systems.
3. Investigation Of Causes
We use industry standard tools such as Helix and Encase to undertake investigations on copies of the evidential images. All work is undertaken in our ISO27001 labs where evidential integrity is maintained at all times.
Our other Forensic services include:
- Legal Support Services
- Malware Investigation
- Credit Card Fraud Services