If you have a suspected or confirmed security incident (malware infestation, denial of service attack, attempted or successful hacking, data loss, etc.) Foreground's digital forensics experts can help.
- Triage - In the initial phase, we will gather device logs (firewall, router, IPS/IDS, server), create forensic images of potentially infected systems, and perform a full network packet capture to identify other infected systems, communication patterns, etc. Once we have a sense of the scope of the incident, we will help you decide whether to focus on protecting your IT environment or pursuing the attacker. If the decision is to pursue, we will allow the intrusion or misuse to continue as we gather more information about the source of the attack.
- Containment and Eradication - We will perform further analysis to determine the exact cause of the incident, how to limit the scope and magnitude of the incident, how to remove the cause of the incident, and how to protect your environment from similar incidents in the future.
- Recovery - We will help you get your environment back up and running and verify normal operations.
- Follow-Up - We will develop an incident report detailing actions taken, lessons learned, and recommendations to prevent future incidents.