Incident Response and Computer Forensics

An expert-generated response to cybersecurity

Organizations impacted by security incidents have a trusted partner in TrustedSec to determine the extent of the compromise and create actionable steps to keep the damage under control.

Our Incident Response team is focused on helping clients recover from Information Security events, while minimizing the impact of the event on the organization. Whether the incident is caused by a malicious insider, an external attacker, or the result of a large-scale breach, TrustedSec can provide Incident Response and Forensic Analysis services.

TrustedSec analysts are highly trained and experienced, having contributed to intelligence-related projects for the National Security Agency and the U.S. Armed Forces. Their professional experience spans the private and government sectors, and only private, top-level senior resources are used when performing any type of forensic analysis. TrustedSec’s experts are available to assist in any situation and respond to incidents as they happen.

TrustedSec consultants draw on a range of unique skills, experience, and technology to investigate each incident, contain the situation, eradicate the attacker, and remediate the environment. TrustedSec uses industry-standard, top-class hardware and software during Incident Response and Forensic activities to ensure quick and accurate results. The techniques TrustedSec uses are admissible in a court of law, preserve an appropriate chain of custody, and meet the highest standards of quality.

Our process

  1. Assess - Each investigation begins by gaining an understanding of the current situation. Approximately when did the incident take place? How was the issue detected? Which individuals, departments, business units, and physical locations have been impacted? What forensic data has been collected? What Incident Response steps have already been taken? What does the environment look like? Who are the main points of contact for incident communication?
  2. Define client objectives - The next step is to define objectives that are practical and achievable. The goals may be to determine whether any data loss occurred, recover from the incident, identify the attack vector used, attribute the attack, or a combination of these.
  3. Investigate - TrustedSec Incident Response consultants collect information using forensically sound procedures and document evidence handling with chain-of-custody procedures consistent with law enforcement standards.
  4. Determine containment and remediation plan - Remediation plans vary depending on the extent of the compromise, the size of the organization, the capabilities of the client infrastructure, and the tactics and objectives of the attacker. As part of an investigation, TrustedSec delivers a comprehensive containment and remediation plan and assists with its implementation.
  5. Provide direction - During each investigation, TrustedSec works closely with the client management team to establish a predetermined communication and reporting cadence. Detailed status reports provide up-to-date incident tracking, communicate critical findings, and equip clients with the tools necessary to make the correct business decisions.
  6. Analyze - Based on the available evidence and the client’s objectives, TrustedSec uses forensic imaging, malware reversing, and log analysis techniques to determine the attack vector used, establish a timeline of incident activity, and identify the extent of the compromise.
  7. Report - TrustedSec provides a detailed investigative report at the end of every engagement that addresses the needs of multiple audiences, including senior management, technical staff, third-party regulators, insurers, and litigators. The investigative report contains sections such as an executive summary, an incident event timeline, critical incident findings, associated threat intelligence, and malware analysis.

Report a breach

Contact our incident response team.

Read our blog

Explore the latest cybersecurity topics on the TrustedSec Security Blog

Blog, February 22, 2024

MailItemsAccessed Woes: M365 Investigation Challenges

Email compromises within Microsoft 365 are too common these days. The TrustedSec Incident Response team receives a lot of calls to investigate M365 email…

Blog, February 01, 2024

The Rising Threat: A Surge in Zero-Day Exploits

Introduction: The cat-and-mouse game between defenders and attackers continues to escalate in the ever-evolving cybersecurity landscape. Advanced Persistent…

Blog, December 14, 2023

Unmasking Business Email Compromise: Safeguarding Organizations in the Digital Age

Business Email Compromises (BEC) within the Microsoft 365 environment are a large threat, with nearly $500 Million reported in stolen funds in 2022[1].…

Blog, July 25, 2023

Prefetch: The Little Snitch That Tells on You

Incident Response and forensic analysts use the contents of prefetch files in investigations to gather information, such as the source from which an executable…

Blog, June 01, 2023

Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations

On May 31, 2023, Progress Software released a security bulletin concerning a critical vulnerability within MOVEit Transfer, a widely used secure file transfer…

Blog, April 25, 2023

Incident Response Rapid Triage: A DFIR Warrior's Guide (Part 3 – Network Analysis and Tooling)

Within the first two installments of this series, we identified that the key to successful incident preparation starts with making sure a solid incident triage…

Blog, April 20, 2023

Incident Response Rapid Triage: A DFIR Warrior's Guide (Part 2 – Incident Assessment and Windows Artifact Processing)

In Part 1 of this series, we identified that there are three (3) key parts to successful incident preparation: ensuring that a solid incident triage process is…

Blog, April 18, 2023

Incident Response Rapid Triage: A DFIR Warrior's Guide (Part 1 – Process Overview and Preparation)

In this series, I will be discussing how to handle an incident with the speed and precision of a DFIR warrior. With a rapid triage mindset, you'll be able to…

Blog, April 11, 2023

On the Road to Detection Engineering

Introduction: People have asked numerous times on Twitter, LinkedIn, Discord, and Slack, “Leo, how do I get into Detection Engineering?” In this blog, I will…

Blog, March 17, 2023

Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)

Threat Overview: Earlier this week, Microsoft released a patch for Outlook vulnerability CVE-2023-23397, which has been actively exploited for almost an entire…