After a security breach, logs are gathered both to understand what has happened and to serve as evidence to prosecute the attacker(s). All too often the logs gathered by default are inadequate, lacking in detail, or missing altogether. Our service ensures that you are prepared for the worst.
Our Forensic Readiness Review ensures that an organisation is collecting sufficient logs and storing them in a forensically sound manner. This enables the organisation to carry out a thorough investigation of an incident and, if necessary, prosecute the attackers in a court of law.
By default, most organisations do collect some logs from their network devices and various operating systems. However, most don't manage them or consider the "audit policy", which defines which events are recorded.
We start by conducting a Forensic Readiness Review workshop where we exercise some breach use cases to test the effectiveness of the available logs. A gap analysis is performed and, where necessary, changes are suggested to increase forensic readiness.