|Situational Awareness – Collection
||The first phase in the process is to identify, label, record, and acquire data from the possible sources of relevant data, while following guidelines and procedures that preserve the integrity of the data. Collection is typically performed in a timely manner because of the likelihood of losing dynamic data such as current network connections, as well as losing data from battery-powered devices. We also take this opportunity to understand the network and identify all possible Internet connections.
|Forensics Analysis – Examination
||Examinations involve forensically processing large amounts of collected data using a combination of automated and manual methods to assess and extract data of particular interest, while preserving the integrity of the data.
|Tactical Remediation & Management Direction – Containment
||Once the Indicators of Compromise (IOCs) are understood, we stop the bleeding and work with the internal IT team to ensure all possible paths of attack are closed off. The objective is to gain control, and during this phase we take control of the network. We also brief the management team and help them with the critical decision-making process of balancing the business need against the incident at hand.
|Investigation Output – Reporting
||We provide a detailed investigative report for each engagement that addresses the needs of multiple audiences, including senior management, technical staff, third-party regulators, insurers, and litigators. During this phase we also provide the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed, and providing recommendations for improvement to policies, guidelines, procedures, tools, and other aspects of the forensic process.