Incident response in cybersecurity is a structured approach to identifying, managing, and mitigating security threats or breaches. It involves detecting incidents, containing threats, eradicating malicious activity, recovering systems, and analyzing the root cause to prevent future attacks.

Incident Response

Determine the threat and cause and understand the extent of the compromise

To fully understand the extent of the breach, it is critical to comprehend the root cause to ultimately contain the incident. In many cases, an in-depth forensic analysis is required to capture those artifacts that would be of evidentiary value. 

Identify, Isolate, and Remediate a Threat

We capture and analyze data stored on your hard drives, CDs, DVDs, thumb drives, and other media, and follow evidentiary procedures to ensure integrity and admissibility. Computer forensic investigation can be performed during Incident Response Handling or independently. 

Quick and efficient action is crucial when your IT assets are under attack, not only to reduce the threat but also to preserve critical data and systems. Not all IT organizations have the resources and budget required to adequately identify, contain and eradicate an active security threat. Regrettably, a delayed reaction only increases the damage and costs resulting from a security breach. 

Incident Response minimizes the impact and duration of a security breach and provides containment and eradication of the threats. We analyze the threat to determine the cause and take immediate action to stop and remove the threat from your environment. Identifying the cause of the threat is one thing, but understanding the motive is another. We will reverse engineer malware to determine its functionality and purpose. The insight we gain into the technical capabilities and the resources used by the malware will aid in establishing countermeasures to prevent future attacks, while providing detailed analysis to your executive team. 

Chain of Custody

Our team will perform forensically sound evidence capture and follow the approved methodology to ensure the evidence captured will “hold up” in a court of law. Additionally, by using standardized collection methods, evidence is generally captured more efficiently, as checklists are used for proper collection and documentation. 

Incident Response Planning and Analysis Services

A strong Computer Security Incident Response Plan (CSIRP) can minimize the duration and impact of a security breach. David J. Peck and Associates, Inc. security consultants help your organization to prepare to respond quickly and effectively. 

Available Incident Response Planning and Analysis services include: 

  •  Computer Security Incident Response Plan (CSIRP) and Program Development 

  •  CSIRP Gap Analysis 

  •  Customer Information Disclosure Planning 

  •  Logging Configuration Review 

  •  Compliance Integration 

  •  Incident Response Retainer Services 

Don't have an Incident Response (IR) plan? DJPaA will assist you with developing and implementing one. We will help your company integrate an effective security policy, starting with defining IR workflows, roles, and responsibilities, as well as refining your detection and response procedures. Before that happens, DJPaA will strive for full comprehension of your current procedures and guidelines to devise an IR plan tailored to your organization's needs. Afterward, key stakeholders can be educated about the IR plan via interviews and workshops, ensuring no one is left in the dark when a crisis arises. 

DJPaA will create IR Plans incorporating any previously available content, which may include the following sections: 

  •  IR Charter 

  •  Delineation of Roles, Responsibilities, Dependencies, and Levels of Authority for Incidents 

  •  Incident Categorization and Severity Definitions 

  •  Procedural Flows and Escalation Procedures for Incident Handling 

  •  Event Detection Process 

  •  Triage and Analysis Process 

  •  Incident Declaration Process 

  •  IR and Recovery Process 

  •  Incident Communication Process 

  •  Reporting Procedures, Templates, and Forms 

  •  Response Team, Key Vendor, and Law Enforcement Contact Information 

  •  Internal and External Notification Requirements 

  •  Employee Awareness and Readiness Training 

  •  Post-Incident Analysis and Improvement Process 

  •  IR Metrics

  • "His record of corporate successes in a highly competitive cybersecurity environment speaks for itself."

    -Timothy M. Opsitnick

  • "In particular, he provided the core capability we needed to execute a recent cybersecurity assessment for the U.S. Department of Energy (DOE)."

    -Ranson J. Ricks

  • "David has impressed me with his ability to maintain a high degree of security knowledge in a field that is constantly changing."

    -Timothy M. Opsitnick