4 CRITICAL STEPS FOR RESPONDING TO A CYBER INCIDENT

INCIDENT RESPONSE PLAN

Whilst taking action quickly is essential to mitigating the impact of an attack or breach, digital evidence must also be handled with precision and care to protect sensitive information from being overwritten, destroyed, or otherwise corrupted.

 

Follow the best practices listed below to preserve your digital exhibits, then contact Cyber & Digital Forensics as soon as possible so a thorough investigation can take place.

TYPES OF CYBERCRIME WE CAN INVESTIGATE:

+   Phishing: using fake email messages to get personal information from internet users;

+   Identity theft: misusing personal information;

+   Hacking: shutting down or misusing websites or computer networks;

+   Cyberstalking: harassing victims online;

+   Malicious software: using internet-based software or programs to disrupt networks;

+   Insider threats: including espionage, fraud, sabotage and intellectual property theft.

 

Unsure of the type of digital investigation you require? Then speak to one of our technical experts for free, impartial advice by calling 0333 358 3680 or emailing support@cyberdigitalforensics.com.

 
1. Mobilize the Response Team

The first step? Don’t panic. Whilst you’ll want to mitigate the damage by acting quickly, you must consider all decisions carefully; it helps to have a dedicated team trained to deal with cyber attacks already in place to ensure all the right moves are made.

 

Once you’ve determined whether this is a real attack or simply a glitch in the system, decide what your business objectives are for the response operation, for example, which data, networks, and services should be prioritised for recovery.    

 

2. Contain the Threat

Next, identify what part of the network has been compromised and isolate it immediately to stop the attack from spreading and prevent the loss of more valuable data. Other preventative measures you may want to take include rerouting network traffic, implementing temporary firewalls or limiting user access.

 

3. Preserve the Evidence

Rule number one: stay switched on. Digital evidence, by its nature, is incredibly volatile and easily modified, so shutting down a machine can delete valuable information on how the attack originated, where the breach took place and the amount of damage done.

A couple of other rules to remember when it comes to evidential integrity: ensure that no other devices, such as memory cards or USB thumb drives, are plugged into the machine, and do not open applications or files in case any data is overwritten.

4. Contact Cyber & Digital Forensics

Using leading digital forensics software and the latest techniques, our team of specialists make a secure copy of the affected systems, analyse the extent of the incident and present our findings in a detailed PDF or HTML report. The intelligence gathered will help you fix any vulnerabilities and keep your systems safer in the future. Speak to one of our technical experts for free, impartial advice by calling Cyber & Digital Forensics or emailing support@cyberdigitalforensics.com.

ACCREDITATIONS

Cyber & Digital Forensics is a qualified digital investigation organisation that works to ISO 9001 standards and ACPO Guidelines. We are also working towards a fully ISO 17025:2017 accredited forensics laboratory.

 

We hold the following accreditations:
 

ISO 9001
We work with Innovate UK
Cyber Essentials
Tech UK