Whether hackers have just broken into your network, or you've just discovered that a trusted employee has been stealing company data, your choice of firm to remediate the situation is critical. Atlantic Data Forensics' incident response teams have handled hundreds of scenarios just like yours -- quickly, quietly, and successfully. Our team can be onsite in mere hours, beginning the process of giving you back your peace of mind.
Minutes matter; call ADF right now if you're experiencing a potential breach.
HACKERS AND THEIR ARMIES OF MALWARE-INFECTED COMPUTERS CONSTANTLY PROBE AND ATTACK CORPORATE NETWORKS AROUND THE WORLD...
PRIVATE INFORMATION & FINANCIAL DATA ARE EXFILTRATED FROM WHAT WERE THOUGHT TO BE SECURE SYSTEMS...
TRUSTED EMPLOYEES STEAL COMPANY INTELLECTUAL PROPERTY, MISUSE CORPORATE RESOURCES AND LEAK SENSITIVE CORPORATE INFORMATION...
ATLANTIC DATA FORENSICS HAS HELPED HUNDREDS OF ORGANIZATIONS GET THROUGH THESE SITUATIONS AND GET BACK TO BUSINESS. LOOK NO FURTHER. WE GET IT DONE.
Atlantic Data Forensics' incident response teams follow five basic steps when handling an intrusion or insider incident.
1. Generally, even at large corporations, the IT staff is not trained or prepared to handle a hacking or insider incident. We are -- but as an outside entity, we don't have the background knowledge, configuration information, or user credentials to respond to the incident independently. Working together with you, your IT team, and legal staff, we determine the scope of the incident and assemble an action plan. During this step we also place network monitoring systems at the perimeter of the network. Network monitoring will often provide critical information related to known malware distribution sites and hacker Command & Control (C&C) servers. Using this network monitoring, we've even caught intruders accessing client computers, using compromised accounts, and stealing corporate data, and put a stop to it quickly and effectively.
2. Once we have identified the systems that we believe have been hacked, our security professionals capture live memory (RAM) from the running system and perform memory forensics. Volatile memory forensics is one of the latest incident response techniques for dealing with the new generation of hacker tools. Oftentimes, hackers use tools that are encrypted on, or even deleted from, the victim computer's hard disk, and which exist only in memory (RAM). By capturing the volatile memory we can extract the hackers' tools, identify where they are connecting to and from, and identify compromised accounts and passwords.
3. Next we make forensic images of a selected subset of computers that we have valid reason to believe will aid the investigation. (Unlike some of our competitors, Atlantic Data Forensics doesn't believe in indiscriminately making forensic images of ALL the computers or servers on a network. Selective forensic imaging produces a lot less data and keeps the investigation from becoming bogged down, and also results in massive cost savings to our Clients.)
4. Once we have identified what hacker tool set or signatures we are dealing with, we use a series of customized detection tools to identify any other compromised machines on the network and schedule them for rebuild or replacement as necessary.
5. Once the response team has "stopped the bleeding", we continue to remediate lower-priority issues, and draft formal forensic reports or tailored network security recommendations as requested.
Throughout the investigation, Atlantic Data Forensics' incident handling team will hold calls and status meetings to coordinate IT's remediation efforts and keep your organization's management apprised.
Though this may be your company's first time experiencing a breach, we've handled hundreds of cases just like yours. Leverage our incident handling expertise. Minutes matter; call ADF right now if you're experiencing a potential breach.