DFIR - Digital Forensic & Incident Response (AKA CSIRT) is a team of IT cyber security experts who help organizations survive cyber-attacks and support customers in the technical assessment, prevention and management of security emergencies. DFIR provides resolution of security incidents, forensic analysis and malware analysis.
Overview
DFIR - Digital Forensic and Incident Response (AKA CSIRT – CyberSecurity Incident Response Team) provides technical support in the resolution of confirmed computer security incidents. A computer/mobile security incident must fulfil all of the characteristics below:
- It is an adverse or negative act against the confidentiality, integrity, or availability of the organization’s assets.
- It involves a computing/mobile resource (this rules out physical security and natural disasters).
- Confirmed intent to cause harm is present (this implies a person's involvement in the incident and rules out incidental occurrences such as failed changes, software/hardware failures, etc.).
A computer security incident is not:
- A confirmed penetration test / red team assessment.
- An incident related to a general malfunction of a system that is not related to a cyber-attack.
- A physical security incident such as a stolen laptop or unauthorized entry to a building.
DFIR focuses on three main areas:
- Security Incident Response provides expert knowledge to analyze security incidents, determines the incident priority and the activities to mitigate the threat.
- Digital Forensics Remote provides forensic investigation, which consists of gathering and examining data to recover and investigate material (e.g., malware, IoCs, logs, etc.) found in digital devices.
- Malware Analysis provides custom malware analysis and reverse engineering. It determines the purpose and method used by a specific malware. Supplier Security Engineers shall analyze suspicious files using commercial and public toolsets, providing a custom report detailing the composition of the malware.
DFIR experts use a special digital forensics platform called “DFIR Investigator”, which can gather data for investigation quickly. As a result, the investigation can start without delay, and mitigation actions that stop the damage can be applied as soon as possible.
The platform is used in investigations related to cybercrimes and other incidents involving digital data. The platform is realized within the AWS cloud in all regions supported by AWS.
Highlights
- Mitigation of Risks
- Expertise and Specialization
- Cyber Resilience
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.
Support
Vendor support
For any support, please contact cert-csirt@eviden.com.