Incident Response and Forensics

24/7 availability in case of an incident

We offer our customers throughout Germany 24/7 availability of our experts for incident response and forensics with guaranteed response times as well as a comprehensive range of services to handle targeted attacks and other IT security incidents.

In case of a hacker intrusion or an infection with ransomware, our experts provide advice and support and are ready to act:

  • Selecting suitable immediate actions
  • Support during processing and follow-up
  • Support during recovery

This allows you to react quickly and correctly, so that the incident can be contained as soon as possible and then followed up, keeping the impact to a minimum.

Due to our expertise, the BSI has listed us as a qualified APT Response service provider.

In addition, we support you with:

  • Detailed examination and forensics
  • Preparing and performing incident response exercises to train the correct reaction
  • Consulting on and drafting concepts for incident handling
  • Incident Handling & Response training


Forensic Investigations

Independent of our 24/7 availability, we have been assisting our customers with the forensic analysis of IT systems for many years.

Our specialists use professional tools on site or in our forensics and malware laboratory to examine incidents, affected systems and networks as well as malware that has been found.

In this way, we can reconstruct both the attack path and the sequence of events and identify traces typical of the attack in question. This also makes it possible to find indications of other affected systems, user accounts and data and to examine a potential data leak.

Our typical procedure includes, for example:

  • Reconstructing the sequence of events or the infection path by analyzing logs, hard disk images and memory images
  • Targeted search for files and contents on endpoints and drives in case of a suspected data leak
  • Identifying the vulnerabilities that led to the intrusion
  • Live analysis of systems to collect further traces or determine the scope of an incident
  • Malware analysis of files and programs

We use industry-standard tools to process and analyze the artifacts. The results of the analysis are summarized in a detailed report, and we can also create a forensic expert report if required.