This category of work varies depending on the situation.
For the forensic part of this work, members of our team – including technology and law enforcement expertise as needed – will come to the location of the incident and work to determine what occurred and how it happened. This is done through combinations of reviewing systems and interviewing personnel as needed.
Incident management procedures are conducted from the beginning as the situation dictates. Some exploit methods, like ransomware, require up front incident management to protect company data. Once the organization is protected, forensic work can be conducted. In other scenarios, the forensic work is conducted up front and afterward incident management processes can be put into place to help fix the issue. We’re able to handle situations that arise, but it’s best to call earlier rather than later. Once the breach has occurred it becomes a fluid situation. Each action and reaction is important. We can help you think through your next steps.