Our Forensic Readiness Review ensures that an organisation is collecting sufficient logs and storing them in a forensically sound manner. This enables the organisation to investigate an incident thoroughly and, if necessary, prosecute the attackers in a court of law.
By default, most organisations do collect some logs from their network devices and various operating systems. However, most don't manage those logs or consider the "audit policy", which defines which events are recorded.
We start by conducting a Forensic Readiness Review workshop where we exercise some breach use cases to test the effectiveness of the available logs. A gap analysis is performed and, where necessary, changes are suggested to increase forensic readiness.