TechGeek can provide immediate remote assistance, and can physically be at your site in as little as 4 hours. We are prepared to fully manage your incident response from start to finish. A rapid response, coupled with appropriate procedures, is critical to controlling a security incident and preventing future occurrences.
When our skilled experts are deployed to your site, we will:
• Secure the scene
• Review the incident, and fully define the scope and the known timeline of events
• Reconstruct the security incident and identify potential suspects or groups of suspects
• Establish a timeline and project management framework for responding to the incident
• Isolate the probable cause using a structured root-cause analysis
• Contain the situation and eliminate the probable cause
• Preserve all evidentiary materials, including live system data (physical memory, system parameters), network activity, IDS sensor output, firewall output, and relevant event logs
• Conduct supplementary analysis, such as reverse-engineering of malware, to determine whether the organization has been targeted or the cyber incident was opportunistic
• Assist in recovery to a fully operational status
• Conduct a post-incident review to gather all relevant findings from key stakeholders
• Report on all findings, including investigative findings, evidence, and key recommendations
• Prepare an executive summary for non-technical review