DFIR

Digital Forensics and Incident Response

If you are experiencing a security breach, or an operational, technical, or security-related incident of any kind, contact us immediately. Every minute counts.


Improbus DFIR:

The following points guide our work in DFIR cases. The list is not exhaustive, but it gives an overview of how a DFIR case typically proceeds.

  • Preparation: Initial contact, initial interviews, and gathering basic information.
  • Detection: Identify, validate, and scope the incident.
  • Containment: Limit impact, isolate affected systems and accounts, and secure assets.
  • Analysis: Gather further information and metadata, identify indicators of compromise (IOCs), attacker patterns, etc.
  • Eradication: Remove breach cause(s), harden systems, and limit access.
  • Recovery: Restore services (if down), and monitor relevant systems closely.
  • Post-Incident Activities: Documentation, further hardening of security, improving controls and policies, tuning logging and detection, providing further security recommendations, etc.