Breach Assessment

Breach Assessment is performed by experienced forensic security experts and supported by specialized forensics software, enabling organizations to identify suspicious activity.

Using server, endpoint, and network-targeted technology, the assessment identifies systems with suspicious behavior and artifacts. Knowing about this malicious activity can prevent the theft of valuable intellectual property, minimize adverse impact on business operations, and provide support for culpability investigation.

Our specialists will perform the following forensics to determine if an breach occurred:

• Analysis of server, network, system related log history and hard drive data, as applicable to the analysis.
• Analyze unusual traffic, user agent strings, DNS queries, persistence hooks, and more.
• Assessment of potential security incidents with Client system(s) and ancillary infrastructure.
• Perform threat and, as needed, forensic analysis of peripheral environment.
• Understand the how, who, when, where and why of the incident threat.
• Assess current and residual risk from the incident.
• Examine the flow of data in the Client environment to detect related issues of security concern.
• Identify command and control (C2) infrastructure.
• Acquire discovered evidence of the threat.
• Incident documentation and recommendations on remediation and risk management options.