Incident Response

When a network security incident occurs, every action taken needs to be a calculated step to recovery. Any missteps can cause damage to your organization, data, and evidence.

A typical incident response from Califorensics includes a combination of the following:

  1. Identification – the response team is initiated to determine the nature of the incident and what techniques and resources are required for the case.
  2. Containment – the team determines how far the problem has spread and contains the problem by disconnecting affected systems and devices to prevent further damage.
  3. Eradication – the team investigates to discover the origin of the incident. The root cause of the problem is determined and any traces of malicious code are removed.
  4. Recovery – data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for signs of weakness or recurrence.
  5. Recommendations – the team analyzes the incident and how it was handled, making recommendations for better future response and preventing a recurrence.

The window of opportunity to mitigate a breach and take corrective and preventative action can be short. Call Califorensics for a free consultation.