
Digital Forensics & Incident Response

Primary contact: Carl N. Kriebel, CISSP

In today’s state of cybersecurity, breaches are often not a matter of if, but when. Approximately one in four companies will experience a data breach within 24 months. This could be the result of a number of different threats, such as malware campaigns, foreign state-sponsored threat actors, cybercriminals looking to turn a quick profit, or even insider threats.

IBM’s Cost of Data Breach Study indicates that having access to an outsourced incident response team typically accelerates the timeframe in which events can be contained, which can be a significant factor in reducing the overall cost of a breach. Don't wait until it's too late. Schneider Downs digital forensics and incident response experts can be engaged ahead of a breach through a retainer contract or during emergency situations as needed. Our team of digital forensics and incident response experts has experience helping clients respond to a multitude of threat vectors and attack types. Schneider Downs will work with you to determine the exact factors that led to the breach, help you recover, and develop lessons learned to better mitigate these types of events down the road. This process helps restore confidence that your systems will be hardened against future attacks and helps preserve business relationships and public trust.

Experiencing or suspecting a network incident?
Contact the Schneider Downs Incident Response Team at 1-800-993-8937

Download our Digital Forensics & Incident Response overview for more information.

Incident Response Process

We have a defined process for assisting clients through response to a computer security incident.

1. Gather Initial Facts

Our team will gather initial facts and circumstances surrounding the computer incident(s) reported. We will collect information about the incident, such as: date and time; systems affected, what those systems support, and how it was reported; and what suspicious behaviors were detected. If malware is detected, we will capture information regarding the type of malware, a listing of systems where it was identified, and other related information about how the malware operates.

2. Scope of the Incident

Based on the initial facts, we will attempt to identify the scope of the incident. We will examine data and gather and review preliminary evidence to help guide further course of action.

3. Data Collection

Our analysis will incorporate the use of data from various information sources, collected to preserve volatile evidence from key systems that can be analyzed later in the process.

Our method will collect data from two general categories:

  • Data that describes the current running state of the affected systems, such as network connections and running processes.
  • A snapshot of important data that can help us identify what may have happened in the past (e.g. file listings, system logs, operating system data, etc.). This may include capturing read-only, full-disk images of affected systems and log files.

4. Data Analysis

Based on information captured in the previous phase, we will execute a plan to review available data for indicators of compromise and any other related activity that will allow us to render an opinion on the activities that have occurred on those systems. We will rely on the completeness and accuracy of the data provided by the client to perform this step.

5. Reporting

Based on the analysis performed, we will build a report for the client that identifies the following:

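  • Facts observed
  • Data collected
  • Data analysis results
  • List of limitations (if any)
  • Summary of findings
  • Lessons learned

Learn more about our incident response process

View our additional IT Risk Advisory services and capabilities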


Breached?

Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.
