Investigate and resolve computer security events ranging from single-system compromises to enterprise-wide intrusions by advanced attack groups that span hundreds of thousands of systems.
Since 2012, Forensic Instinct has focused on incident response services. It is our primary area of expertise. Forensic Instinct has responded to breaches across all industries, organization sizes, technical environments, and provided incident response services to mitigate the effects of many of the largest and most impactful cyber breaches in the past.
Forensic Instinct Incident Response Services specialises in investigating intrusions and targeted attacks performed by advanced threat groups. Our consultants use proprietary technology, creative investigative techniques and intelligence gathered during each investigation to improve our ability to identify the actions of the attacker, the scope of the breach, the data loss, and the steps required to remove the attacker’s access. We also learn how to better re-secure the network.
As part of Incident Response Services, our consultants have investigated:
Systems used by employees, board members and other insiders suspected of inappropriate or unlawful activity.
An incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so.
Atype of malicious software designed to block access to a computer system until a sum of money is paid.
Incident Response Services focuses on helping organisations recover from data security breaches while minimizing the impact of the event on the organisation. Major activities performed during an investigation include:
Assessing the Situation
Each investigation begins by gaining an understanding of the current computer security incident. This also includes understanding what steps you have already taken to investigate or address the situation.
Perform Enterprise Investigation
Leveraging over 10 years experience in undertaking complex and sensitive investigations, we quickly search large, complex networks for evidence of attacker activity.
Providing Management Direction
During each incident response investigation our consultants works closely with your management and internal/external legal counsel to provide detailed, structured, and frequent status reports that communicate findings and equip you to make the right business decisions.
We provide a detailed investigative report at the end of every engagement that addresses the needs of multiple audiences, including senior management, technical staff, third party regulators, insurers, and litigators.
Verifying Client Objectives
The next step is to define objectives that are practical and achievable.
Our consultants collect evidence with forensically sound procedures and document evidence handling with chain-of-custody procedures that are consistent with law enforcement standards.
Forensic Instinct draws on skills that range from host and network forensic analysis across all platforms to malware reverse engineering and log analysis to determine the attack vector, establish a timeline of activity, and identify the extent of the compromise.
Incident Response Services includes a comprehensive remediation plan that both eliminates the attackers from the environment and implements new security controls to reduce the likelihood of a recompromise.
Our digital forensic analysts are leaders in our field. We have produced outstanding results in literally hundreds of cases, and our experts have extensive testimony experience, advanced training, and certifications. We bring experience from both Law Enforcement and the Private Sector.
Forensic Instinct experts are trained and follow the practices outlined in the HB 171-2003 Guidelines for the management of IT evidence by Standards Australia. This document is primarily for investigative community and serves as the main guide to setting standards for Australian courts. As such, this sets the levels of expectations that digital evidence must meet as exhibits for consideration by the Judge and Jury.