CyberScout

Incident Response Forensics

CyberScout offers advanced Forensic Investigation Services to help businesses affected by an incident with quick and in-depth analysis.

Forensic Investigation Services with RALF
Forensic Investigation Services with RALF

CyberScout conducts a majority of our forensic investigation services with our proprietary Remote Access Lab Forensics (RALF) device. RALF is a small form-factor computer placed on site with the client, enabling quick and easy support on site. RALF:

  • Provides a channel for immediate support
  • Offers enhanced security over other methods and is third-party validated secure
  • Enables enhanced remote investigations
  • Offers the ability for data to stay local
  • Enables ease of use for non-technical staff
System Compromise Response
System Compromise Response

This service includes exfiltration analysis, determining manner of compromise, actions taken by threat actor, and whether the threat actor is still within the environment. CyberScout will provide:

  • Background details of the event
  • Executive summary of findings from the analysis
  • Evidence that determines whether data exfiltration occurred
  • Evidence that shows manner of compromise and actions taken by the attacker
Ransomware Recovery
Ransomware Recovery

This service includes data recovery and ransom payment. CyberScout will:

  • Gather facts and explain risks associated with paying the ransom
  • Communicate or negotiate with the threat actor
  • Obtain proof of decryption
  • Anti-money laundering check
  • Make payment from bitcoin wallet
  • Provide decryption key to client
  • Support client through entire decryption process
Business Email Compromise
Business Email Compromise

This service includes exfiltration analysis, manner of compromise, actions taken by threat actor, and whether the threat actor is still in the environment. The client will receive:

  • Background details of the event
  • Executive summary of findings from the analysis
  • Evidence that determines whether data exfiltration occurred
  • Evidence showing manner of compromise and actions taken by the attacker
Data Mining
Data Mining

The client will receive:

  • Report containing a background summary of the event, search parameters used, and summary of results including the number of each type of sensitive information that was found
  • Raw results will be sent separately to client over a secure transfer method that contains where information was found
  • Option for full review of raw data and results, in a notification-ready, well-organized document, showing impacted individuals and their exposed data clearly