What are post-breach investigations?
A post-breach investigation is the process of examining data and systems after an attack in order to mitigate current and future risk.
Sometimes, attackers are successful in gaining access to your systems, either due to lack of protection, or inadequate protection. Part of the recovery process after an attack is to understand what happened, how it happened, and to learn from this to ensure that this doesn’t happen again.
Digital forensics is the investigation of data and information after an event. This could be after a system attack or breach, or it could be the loss or theft of data from within the business, perhaps as a result of malicious employee activity. Either way, digital forensics allows you to follow the information flow, recover evidential artefacts and build a package of evidence which can be used to:
- Provide to law enforcement or regulatory bodies
- Understand exactly what happened and stop it from happening again
- Build greater resilience within your systems
Digital forensics plays an important role in the information security lifecycle. Recovering traces of data and artefacts can provide important insight into what happened, and how. Critically, digital forensics also presents an opportunity to recover data which might be believed to be lost or damaged.
Why use Samurai for incident response?
There is little point in getting all systems operational again if a repeat malicious incident occurs soon after. It is therefore essential to ascertain exactly how the incident occurred and to ensure it cannot happen again. Our experts understand exactly what is necessary to determine the timeline of a breach, the point of entry and how it spread. In addition to interpreting logs and understanding breach methods, we are also experts in digital forensics. This means we can dig down to the level of analysing hard drives and network traffic to uncover the cause and scale of an incident. We have experts who work with the National Crime Agency's National Cyber Crime Unit as special officers to identify the causes of breaches against serious high-profile organisations. We understand the need to become operational again as soon as possible and the importance of finding and eliminating the threats.
Our incident response expertise enables us to effectively plan for an incident. We ensure the appropriate logging is enabled and technical systems are in place, but also that the correct people are involved, and that everyone knows exactly what to do and when to do it if the worst were to happen. While you can’t always control how the breach occurs, you can control how you respond to it and, if managed appropriately, much of the damage can be mitigated.
Our experts have many years of experience in this field and continue to support a number of organisations, including the National Crime Agency and other law enforcement agencies, with their forensic investigation requirements.
Their experience reaches beyond investigation and into the presentation of evidence to corporate or regulatory panels, or even at Court.