About
Unfortunately even with the most robust security program in place, security incidents do occur. Part of a mature security program is investigating those incidents so that they can be learnt from. We know and understand just how stressful security incidents are. Pākiki has experience carrying out disk forensics on compromised servers and endpoints, as well as helping out with the people side (which is just as important!)
How we can help
Pākiki have the tools and experience to capture forensically sound images, and to carry out an investigation. This typically starts with identifying what questions you are seeking to answer. We’ll then capture the relevant sources of information, establish a chain of custody, and review and analyse the images for the relevant forensic artifacts to prove/disprove any questions. This process can often be repeated a number of times, as further questions come to light.
We have staff available in Christchurch and Wellington.
We know that incidents are stressful and we’ve helped a number of clients through them in the past. In addition to doing the technical investigation we can also provide a second person who can act as an independent third party who is less emotionally involved to get second technical opinions from or to help manage the human side.
We know that if an endpoint is involved it can be a very invasive procedure for the victim, so we will maintain discretion and only report facts which are relevant to the incident.
Note: If the event is likely to result in a court case, we are not willing to be expert witnesses in court.
What you get
At the end of the incident response, you will get a report which outlines:
- A summary of what happened and any work carried out
- A timeline of events
- The questions which were asked, and the direct answers to those questions
- Details of the technical analysis which was carried out
Get in touch
If you have an incident or a suspect incident, we can give advice on how to preserve any evidence along with next steps.