Remediating suspected computer intrusions or data breaches requires decisive action informed by experience and an understanding of the threat environment of the target. We recommend a forensic incident response approach, balancing preservation of existing evidence, gathering evidence of ongoing malicious activity, and lockdown and remediation of compromised systems.
This requires strong management and a hybrid set of digital forensic and information security techniques. We bring the experience and management to steer response in heated times and the forensic techniques to reliably assess the extent and cause of the breach, and we partner with network and computer security experts to lock down and remediate your environment.
We provide expert advice, opinion and analysis services in relation to computer intrusions:
A business suffered a large-scale deletion of email records maintained by an employee, and unexplained remote access activity the day prior to the employee being absent from work. On querying the activity with the employee, no satisfactory explanation was provided. Suspicions were formed that the employee was undertaking sabotage of the business.
A forensic analysis of the computer of the employee yielded evidence of the uninstallation of the Skype communications application at the time of the unexplained remote access activity. Traces of Skype messaging were recovered, the content of which indicated significant non-work usage of a potentially embarrassing nature.
The evidence obtained informed the business of the extent of the employee's actions and was sufficient grounds for terminating the employment of the employee.