Incident Response and Digital Forensics (DFIRMA)

DFIRMA's services include a wide range of areas and tasks:

• Incident response. Computer attack localization and containment services, aimed at timely taking measures to protect the attacked infrastructure and minimize possible damage. Can be performed both remotely and with presence at the customer's facilities.

• Malware analysis. Analyze malware samples to determine the tools used by attackers, identify IOCs, and create YARA rules for infrastructure scanning.

• Incident investigation and digital forensics. The service goal is to establish the circumstances of the incident, collect the necessary digital evidence, and prepare specific recommendations to reduce the risks of a repeat incident and improve the infrastructure security level. The evidence base is collected while preserving the integrity of digital traces, using methods that comply with Russian legislation. All collected information is stored in secure storage with restricted access and formalized for submission to law enforcement agencies and the Customer.

• Infrastructure compromise assessment. Determination of the presence or absence of infrastructure compromise by retrospective search for relevant indicators and other traces. It can be used in conjunction with the Brand Protection service to verify the use of leaked data.

• Supporting internal investigations. Verification of security service or cyber security suspicions, collection of evidence, participation in inspections, conducting exit interviews with employees, support in pre-trial settlements and court as an expert or specialist.