The TechGeek Post-Compromise Assessment combines our advanced knowledge of attacker methodologies and tools with our experience in responding to data security incidents. The following activities will be performed:
• Environmental review – TechGeek will review your organization’s network topology, especially the ingress and egress points. Typical network traffic and activities will be baselined.
• Endpoint analysis – Using automated tools and manual inspection, TechGeek will review the network, data systems, and applications against our library of Indicators of Attack (IOA; present while an attack is ongoing) and our library of Indicators of Compromise (IOC; present after an attack has been completed).
• Malware search – We will conduct an advanced search for malware, including ransomware and advanced persistent threats (APTs). Finally, we will examine the network for covert channels that permit connections from your network to unauthorized third parties.
• Evidence analysis – TechGeek investigators will manually verify findings to eliminate any false-positive results. At this stage, forensic techniques may be applied, such as bit-level imaging to preserve evidence for study and litigation. Malware may be reverse-engineered, especially to verify whether it is targeted against the client organization. Advanced log analysis may also be completed.
• Re-assessment – Once the relevant IOAs and IOCs have been identified and verified, the network environment (wired, wireless, backed-up data) will be re-assessed to ensure that all instances of compromise have been identified.
• Targeted remediation – Once the specific threats have been identified, TechGeek will recommend immediate steps to eradicate the threat. These recommendations will include controls to prevent a return of the threat.
• Presentation of findings – TechGeek will provide an executive summary and full documentation of the compromise assessment that has been completed, including major findings and recommendations to address any remaining risks. If litigation is being pursued, additional documentation may be prepared.
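The endpoint-analysis and evidence-analysis steps above hinge on the IOA/IOC distinction: an IOC (a known-bad hash or domain) says malicious activity has already occurred, while an IOA (a behaviour such as a process mass-renaming files) says an attack may still be running. The following added example, which is not TechGeek's tooling and is not part of the original page, sweeps constructed endpoint telemetry against a placeholder indicator library and produces a per-host list for analyst verification; the hash, domain, hostnames and rule thresholds are all assumed, illustrative values.

```python
import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed indicator library: placeholders for illustration, not real threat intel.
PLACEHOLDER_BAD_HASH = "4b0c2d4e" * 8  # 64 hex chars, stands in for a known-bad SHA-256
IOC_LIBRARY = {
    # Known-bad file hashes: evidence that malicious code was present (attack completed or staged).
    "sha256": {PLACEHOLDER_BAD_HASH},
    # Known command-and-control domains; .invalid is a reserved TLD, so it is safe as a placeholder.
    "domain": {"c2.example.invalid"},
}

# IOA rule parameters (assumed): one process renaming many files in a short window is
# behaviour consistent with ransomware still executing, i.e. an attack in progress.
IOA_RENAME_THRESHOLD = 5
IOA_RENAME_WINDOW = timedelta(seconds=60)

# Constructed endpoint telemetry, one JSON record per line (hosts and paths are invented).
TELEMETRY = """\
{"ts": "2024-01-10T09:00:01", "host": "ws-07", "type": "dns", "query": "updates.example.com"}
{"ts": "2024-01-10T09:00:05", "host": "ws-07", "type": "dns", "query": "c2.example.invalid"}
{"ts": "2024-01-10T09:01:00", "host": "ws-07", "type": "file_hash", "path": "/home/a/Downloads/inv.bin", "sha256": "<BAD_HASH>"}
{"ts": "2024-01-10T09:02:00", "host": "srv-02", "type": "file_rename", "pid": 4120, "old": "q1.xlsx", "new": "q1.xlsx.locked"}
{"ts": "2024-01-10T09:02:03", "host": "srv-02", "type": "file_rename", "pid": 4120, "old": "q2.xlsx", "new": "q2.xlsx.locked"}
{"ts": "2024-01-10T09:02:07", "host": "srv-02", "type": "file_rename", "pid": 4120, "old": "q3.xlsx", "new": "q3.xlsx.locked"}
{"ts": "2024-01-10T09:02:12", "host": "srv-02", "type": "file_rename", "pid": 4120, "old": "q4.xlsx", "new": "q4.xlsx.locked"}
{"ts": "2024-01-10T09:02:20", "host": "srv-02", "type": "file_rename", "pid": 4120, "old": "q5.xlsx", "new": "q5.xlsx.locked"}
{"ts": "2024-01-10T09:05:00", "host": "srv-02", "type": "file_rename", "pid": 900, "old": "notes.txt", "new": "notes.bak"}
""".replace("<BAD_HASH>", PLACEHOLDER_BAD_HASH)


@dataclass
class Finding:
    kind: str      # "IOC" (attack already happened) or "IOA" (attack in progress)
    host: str
    rule: str
    evidence: str  # what an analyst needs in order to verify or reject the finding


def parse_telemetry(text):
    """Parse JSON-lines telemetry into event dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def match_iocs(events):
    """Exact-match sweep of DNS queries and file hashes against the IOC library."""
    findings = []
    for ev in events:
        if ev["type"] == "dns" and ev["query"] in IOC_LIBRARY["domain"]:
            findings.append(Finding("IOC", ev["host"], "known C2 domain queried",
                                    f"{ev['ts']} dns {ev['query']}"))
        elif ev["type"] == "file_hash" and ev["sha256"] in IOC_LIBRARY["sha256"]:
            findings.append(Finding("IOC", ev["host"], "known-bad file hash on disk",
                                    f"{ev['ts']} {ev['path']}"))
    return findings


def detect_ioas(events, threshold=IOA_RENAME_THRESHOLD, window=IOA_RENAME_WINDOW):
    """Behavioural rule: >= threshold renames by one process within the window."""
    renames = defaultdict(list)
    for ev in events:
        if ev["type"] == "file_rename":
            renames[(ev["host"], ev["pid"])].append(ev["ts"])
    findings = []
    for (host, pid), times in renames.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                findings.append(Finding("IOA", host, "mass file rename (ransomware-like)",
                                        f"pid {pid}: {end - start + 1} renames within "
                                        f"{window.seconds}s starting {times[start]}"))
                break                           # one finding per process is enough
    return findings


def assess(text):
    """Run both sweeps and list the hosts that need manual evidence analysis."""
    events = parse_telemetry(text)
    findings = match_iocs(events) + detect_ioas(events)
    return {"findings": findings,
            "hosts_for_verification": sorted({f.host for f in findings})}


if __name__ == "__main__":
    result = assess(TELEMETRY)
    for f in result["findings"]:
        print(f"[{f.kind}] {f.host}: {f.rule} -- {f.evidence}")
    print("hosts needing analyst verification:", result["hosts_for_verification"])
```

The automated sweep only produces candidates: every finding carries the raw evidence so that the evidence-analysis step can confirm or discard it, and the per-host list is what would drive imaging and log collection on those machines rather than across the whole estate.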