X-SFR Information Security Incident Investigation and Response Service

Service introduction

X-SFR Information Security Investigation and Incident Response Service (Digital Forensics & Incident Response – DFIR) is an in-depth service that helps identify attack causes, collect digital evidence and restore systems after cybersecurity incidents.

Key features

Identify factors related to incidents including:

  • Security vulnerabilities that have been exploited

  • Affected server systems, workstations, user accounts

  • Affected account data and information

  • Malicious files and attack tools used

  • Attacker's attack flow

The Incident Response process includes:

Identification
Identify factors related to the incident and clarify the attack flow through digital forensics.

Containment
Deploy temporary preventive measures, isolate related objects; then implement long-term preventive measures such as patching and configuration remediation.

Remediation
Remediation includes malware removal, security patching, and data backup.

Recovery
Restore affected systems and monitor to ensure the incident has been fully resolved.

Lessons Learned
Compile detailed reports, provide preventive solutions, and draw lessons learned for future incidents.

a. Intake

  • Receive information about attack timing, consequences and system status

  • Situation assessment: has been attacked, is being attacked, or status has changed

  • Determine incident scope: entire system, a single computer, or data

b. Incident classification

  • Phishing attack

  • Ransomware attack encrypting data

  • Destructive attacks

  • Other forms

c. Evidence collection

  • Contact information

  • System network diagram

  • Affected targets

  • System access account

  • System logs

  • Memory and network connection status

  • Tampered data samples

  • Malware sample

d. Analysis

  • Analyze vulnerabilities in servers, network devices and software

  • Log sample analysis

  • Build a timeline of events before, during, and after the incident

  • Malware analysis

e. Reporting

  • Comprehensive investigation reports with complete digital evidence

  • Assess root cause and remediation results

  • Propose solutions to improve information security regarding processes, hardware, and software

  • Respond to incidents with high speed and accuracy

  • Conduct investigations following consistent procedures

  • Minimize data loss and reputational damage

  • Strengthen existing security protocols and procedures

  • Fast recovery, minimizing business disruption

  • Support threat actor prosecution through evidence and documentation

Solution objectives

X-SFR service is deployed to:

  • Accurately identify the root cause and scope of cybersecurity incidents

  • Collect and preserve digital evidence for investigations

  • Prevent the spread of attacks in a timely manner

  • Thoroughly remediate vulnerabilities and eliminate malware

  • Restore systems safely and stably

  • Strengthen security processes to limit incident recurrence

Other services

X-SOC Information Security Monitoring Service
Sonic's X-SOC Information Security Monitoring Service provides 24/7 SOC on a cloud platform, helping enterprises detect early, respond quickly, and comprehensively protect IT systems.
X-STI Cyber Threat Intelligence Service
Sonictech's X-STI Cyber Threat Intelligence Service provides global Threat Intelligence data, supports Dark Web monitoring, malware analysis, security vulnerabilities, and integrates with SIEM to enhance cybersecurity defense capabilities for organizations.