Once an event is contained and controlled in the incident response phase and you no longer have immediate threats on your operational network, the challenge you are facing is to complete a full investigation in order to eliminate threats from the entire attack chain of events. In an in-depth digital forensic investigation, you can, for example, uncover root causes that may affect other systems that were not investigated in the incident response activity and threaten their safety and availability.
Therefore, forensic investigation is complementary to incident response and an important phase to ensure the security of your systems.
We offer a forensic analysis that focuses on a full understanding and thorough remediation of a breach.
Our techniques are based on industry standards and are adapted to your rail operational environment based on our railway expertise. We perform the investigation on-site with interaction with your operations, legal, HR, and compliance departments. Our methodology attempts to gain a full understanding of the incident’s timeline, the attackers’ motivation, and the attack’s chain of events, and provide you with mitigation approaches in order to eliminate the threat.