Incident response

The goal of the project was to manage activities after a security breach of a customer's IT system: conduct forensic research to establish the details of the incident, clear the network of the hackers, and assist in the lessons-learned exercise to prevent further breaches. The initial response included isolation of the compromised systems and collection of logs, network traffic and NetFlow data. External requests were made to the Internet service provider to obtain additional connectivity details for the customer's systems.


After forensic analysis and malware reverse engineering, the customer received:

  • Detailed timeline of the hackers' activity
  • List of the hackers' tools and other artifacts, with a description of their functionality
  • Vulnerabilities exploited by the hackers to initially compromise the system
  • Hackers' techniques (e.g. lateral movement)
  • Detailed remediation plan
  • Suggestions for BCP/DRP improvements.
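The "detailed timeline" deliverable is built from the logs, traffic and NetFlow records gathered during the initial response, and the main practical difficulty is that each source stamps time differently (syslog without a year and in local time, web access logs with an explicit offset, NetFlow exports in UTC). The following is an added example, not code from the original page or the project described: it normalizes three constructed sample sources into one UTC-ordered timeline and pivots on an indicator. The log lines, host names, IP addresses, the `syslog_year` and `syslog_tz` parameters, and the CSV layout of the NetFlow export are all assumptions made for the example.

```python
"""Merge heterogeneous log sources into a single UTC incident timeline."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Event:
    ts: datetime      # always timezone-aware UTC after normalization
    source: str       # which collection feed the record came from
    host: str         # host (or flow source) the record is attributed to
    detail: str       # human-readable summary for the timeline


# Constructed sample input (assumed formats, not real customer data).
SYSLOG_LINES = [
    "Mar 14 02:17:45 web01 sshd[2231]: Accepted password for svc_backup from 203.0.113.45 port 51122 ssh2",
    "Mar 14 02:19:02 web01 sudo: svc_backup : TTY=pts/0 ; COMMAND=/bin/bash",
]
ACCESS_LOG_LINES = [
    '203.0.113.45 - - [14/Mar/2024:03:15:10 +0100] "POST /upload.php HTTP/1.1" 200 512',
]
# Assumed CSV export: start_time(UTC ISO8601),src_ip,dst_ip,dst_port,bytes
NETFLOW_LINES = [
    "2024-03-14T02:25:30Z,10.0.0.5,198.51.100.7,443,4096",
]

SYSLOG_RE = re.compile(r"^(\w{3}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+)')


def parse_syslog(line, syslog_year, syslog_tz):
    """Classic syslog carries no year and no zone: both must be supplied
    from the collection context (assumed parameters)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, hms, host, msg = m.groups()
    naive = datetime.strptime(f"{syslog_year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    return Event(naive.replace(tzinfo=syslog_tz).astimezone(timezone.utc), "syslog", host, msg)


def parse_access(line, host):
    """Combined log format: the bracketed timestamp carries its own offset."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    client, stamp, request, status, size = m.groups()
    ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return Event(ts, "http", host, f"{client} {request} -> {status} ({size} bytes)")


def parse_netflow(line):
    """Assumed CSV flow export with ISO-8601 UTC start time."""
    stamp, src, dst, dport, nbytes = line.strip().split(",")
    ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, "netflow", src, f"{src} -> {dst}:{dport} {nbytes} bytes")


def build_timeline(syslog_lines, access_lines, netflow_lines,
                   syslog_year=2024, syslog_tz=timezone(timedelta(hours=1)),
                   web_host="web01"):
    """Normalize every record to UTC and return them in chronological order."""
    events = []
    events += [e for e in (parse_syslog(l, syslog_year, syslog_tz) for l in syslog_lines) if e]
    events += [e for e in (parse_access(l, web_host) for l in access_lines) if e]
    events += [parse_netflow(l) for l in netflow_lines]
    return sorted(events, key=lambda e: e.ts)


def events_for_indicator(timeline, indicator):
    """Pivot: every event whose host or detail mentions an indicator (e.g. an IP)."""
    return [e for e in timeline if indicator in e.host or indicator in e.detail]


if __name__ == "__main__":
    for e in build_timeline(SYSLOG_LINES, ACCESS_LOG_LINES, NETFLOW_LINES):
        print(e.ts.isoformat(), e.source, e.host, e.detail)
```

The two normalization knobs that matter in practice are the syslog year and zone: if they are guessed wrong, the web and flow records (which carry their own zone) will appear out of order relative to host logs, and the lateral-movement sequence reconstructed from the timeline will be misleading. Recording the collection zone of every source as part of the evidence intake avoids that.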