Get your organization back up and running.
If you’ve ever found your car window smashed and your personal possessions gone, you know that sickening feeling. Security intrusions and data theft can feel a lot like that.
We realize that situations requiring forensic expertise can be challenging to manage and resolve. You need a solid partner who can get to the bottom of the incident, help you make sense of it and reduce the likelihood of it occurring again.
Whether it is investigating a breach of credit card numbers or recovering sensitive data, Sikich has the experience and ability to dissect even the most complicated forensic cases and bring them to a close. Using the latest industry-respected toolkit—along with an arsenal of custom tools and know-how—our investigators work tirelessly to discover what happened to your data and how it was accessed.
What to Do If You’ve Experienced a Breach
The moments after a breach are of the utmost importance and can significantly impact your organization and the effectiveness of a forensic investigation. If you suspect a computer systems intrusion or breach, you should:
Immediately Contain and Limit the Exposure
The goal of containing and limiting the exposure is to keep the breach from spreading. If you are unable or uncomfortable performing any of the following steps, the Sikich Forensic Team will be able to assist you.
- Do NOT access or alter compromised systems (e.g., do not log on or change passwords).
- Do NOT turn off the compromised machine. Instead, isolate compromised systems from the network (e.g., unplug the network cable). If for some reason it is necessary to power off the machine, unplug the power source.
- Do NOT shutdown the system or push the power button (because it can sometimes create a “soft” shutdown), which modifies system files.
- Preserve logs and electronic evidence. A forensic hard drive image will preserve the state on any suspect machines. Any other network devices (such as firewalls, IDS/IPSes, routers, etc.) that have logs in the active memory should be preserved. Keep all past backup tapes, and use new backup tapes for subsequent backups on other systems.
- Log all the actions you have taken, including composing a timeline of any knowledge related to the incident.
- If using a wireless network, change SSID on the wireless access point (WAP) and other machines that may be using this connection (with the exception of any systems believed to be compromised).
- Be on high alert and monitor all systems.
Alert All Necessary Parties Within 24 Hours
Be sure to notify:
- Your internal information security group and incident response team, if applicable.
- The card associations and your merchant bank if the breach is part of a cardholder data segment.
- The local FBI office and/or U.S. Secret Service (file a complaint online at http://www.ic3.gov).
How We Can Help
Sikich speaks at security and law enforcement conferences across the country. We develop and maintain tools in wide use within the security community. We also work with law enforcement at local, state and federal levels to bring cyber criminals to justice, and we maintain relationships that allow us to easily work with officers and prosecutors.
Sikich is a highly-qualified and widely recognized forensic investigator and is one of the few companies approved and certified by the Payment Card Industry Security Standards Council (PCI SSC) as a PCI Forensic Investigator (PFI) to perform this difficult and complex task within the payment card industry.
We respond quickly to provide an expert forensic team to contain the breach, salvage data, perform an investigation, and get your organization back up and running. Our proven methods and techniques enable you to properly respond to the attack, secure your environment and meet all legislative and industry requirements.
We are uniquely equipped. Along with our many certifications and qualifications, you can rest assured that it will not escape our eyes in our dedicated forensic lab with state-of-the-art equipment and software. We provide:
- Breach verification, data collection and analysis
- Reverse engineering to handle custom malware or zero-day vulnerabilities
- Detailed physical inspections to uncover evidence of tampering or other physical breaches
- Code review of affected applications in nearly any programming language
- Advice for reducing the risk of future breaches
- Detailed reports that allow you to have a complete, documented view into your case
Malicious employees, computer hackers, physical disasters and mistakes can all lead to the inadvertent destruction of critical data. Even if files are deleted or systems fail, it can still be possible to recover the contents of the system to bring your organization back on-line quickly.
Laws and regulations governing breach disclosures can be tough to understand and keep track of. Requirements can vary from state to state. Some legislation, like the California State Bill 1386, requires companies to notify state residents if any personal information is leaked. Sikich helps you stay up-to-date with the requirements that apply to your organization, should a breach occur.
Organizations can find themselves in a position where a technical expert is needed to defend a lawsuit. Electronic litigation provides the expert testimony that is occasionally required to support a case. Proven methods and proper chain of custody procedures are used to support the evidence in a court of law.
In some civil litigations, electronic discovery may be necessary to extract and analyze electronically stored information that could be pertinent to the case. Sikich will not only assist with the extraction and analysis of the data, but will also effectively coordinate efforts with lawyers, IT staff and any other relevant parties.
Trust your incident response needs to the qualified experts at Sikich.
All it takes is your name and phone number or email address to learn more about our services and expertise. If you’d like, you’ll also be able to send additional details after you submit your information here.