
Get your organization back up and running.

If you've ever found your car window smashed and your personal possessions gone, you know that sickening feeling. Security intrusions and data theft can feel a lot like that.

We realize that situations requiring forensic expertise can be challenging to manage and resolve. You need a solid partner who can get to the bottom of the incident, help you make sense of it and reduce the likelihood of it occurring again.

Whether it is investigating a breach of credit card numbers or recovering sensitive data, 403 Labs has the experience and ability to dissect even the most complicated forensic cases and bring them to a close. Using the latest industry-respected toolkit—along with an arsenal of custom tools and know-how—our investigators work tirelessly to discover what happened to your data and how it was accessed.

What to Do If You've Experienced a Breach

The moments after a breach are of the utmost importance and can significantly impact your organization and the effectiveness of a forensic investigation. If you suspect a computer systems intrusion or breach, you should:

Immediately Contain and Limit the Exposure

The goal of containing and limiting the exposure is to keep the breach from spreading. If you are unable or uncomfortable performing any of the following steps, the 403 Labs Forensic Team will be able to assist you.

  • Do NOT access or alter compromised systems (e.g., do not log on or change passwords).
  • Do NOT turn off the compromised machine. Instead, isolate compromised systems from the network (e.g., unplug the network cable). If for some reason it is necessary to power off the machine, unplug the power source.
  • Do NOT shut down the system or push the power button; doing so can sometimes trigger a "soft" shutdown, which modifies system files.
  • Preserve logs and electronic evidence. A forensic hard drive image will preserve the state of any suspect machines. Any other network devices (such as firewalls, IDS/IPSes, routers, etc.) that have logs in active memory should be preserved. Keep all past backup tapes, and use new backup tapes for subsequent backups on other systems.
  • Log all the actions you have taken, including composing a timeline of any knowledge related to the incident.
  • If using a wireless network, change the SSID on the wireless access point (WAP) and on other machines that may be using this connection (with the exception of any systems believed to be compromised).
  • Be on high alert and monitor all systems.
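
The "log all the actions you have taken" and "preserve logs and electronic evidence" steps above can be backed by a tamper-evident record. The following is an added example, not a 403 Labs tool: a hash-chained action timeline that also stores SHA-256 digests of preserved copies. It is assumed to run on a separate responder workstation, never on a compromised system, and the names and hostnames in it are constructed.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash value for the first entry in the chain


def sha256_file(path, chunk=1 << 20):
    """Hash a preserved copy (log export, disk image) in fixed-size chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def entry_digest(entry):
    """SHA-256 over every field except the stored hash itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_entry(timeline, who, action, evidence_sha256=None, when=None):
    """Append one responder action; each entry commits to the previous one."""
    entry = {
        "seq": len(timeline) + 1,
        "utc": when or datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "who": who,
        "action": action,
        "evidence_sha256": evidence_sha256,
        "prev_hash": timeline[-1]["entry_hash"] if timeline else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    timeline.append(entry)
    return entry


def verify(timeline):
    """Return the position of the first entry that breaks the chain, else None."""
    prev = GENESIS
    for pos, entry in enumerate(timeline, start=1):
        if (entry["seq"], entry["prev_hash"]) != (pos, prev) or entry["entry_hash"] != entry_digest(entry):
            return pos
        prev = entry["entry_hash"]
    return None


if __name__ == "__main__":
    log = []  # constructed sample entries, not from a real incident
    add_entry(log, "jdoe", "Unplugged network cable from POS-01; left powered on")
    add_entry(log, "jdoe", "Exported firewall logs to write-once media")
    print(json.dumps(log, indent=2), "intact" if verify(log) is None else "altered")
```

The chain detects edits, reordering and removal of earlier entries, but not truncation from the end, so note the latest `entry_hash` somewhere separate (for example in the handwritten incident notes) each time an entry is added.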

Alert All Necessary Parties Within 24 Hours

Be sure to notify:

  • Your internal information security group and incident response team, if applicable.
  • The card associations and your merchant bank if the breach is part of a cardholder data segment.
  • The local FBI office and/or U.S. Secret Service (file a complaint online at http://www.ic3.gov).

How We Can Help

403 Labs speaks at security and law enforcement conferences across the country. We develop and maintain tools in wide use within the security community. We also work with law enforcement at local, state and federal levels to bring cyber criminals to justice, and we maintain relationships that allow us to easily work with officers and prosecutors.

403 Labs is a highly qualified and widely recognized forensic investigator and is one of the few companies approved and certified by the Payment Card Industry Security Standards Council (PCI SSC) as a PCI Forensic Investigator (PFI) to perform this difficult and complex task within the payment card industry.

Forensic Investigations

We respond quickly to provide an expert forensic team to contain the breach, salvage data, perform an investigation, and get your organization back up and running. Our proven methods and techniques enable you to properly respond to the attack, secure your environment and meet all legislative and industry requirements.

We are uniquely equipped. Along with our many certifications and qualifications, we have a dedicated forensic lab with state-of-the-art equipment and software, so you can rest assured that nothing will escape our eyes. We provide:

  • Breach verification, data collection and analysis
  • Reverse engineering to handle custom malware or zero-day vulnerabilities
  • Detailed physical inspections to uncover evidence of tampering or other physical breaches
  • Code review of affected applications in nearly any programming language
  • Advice for reducing the risk of future breaches
  • Detailed reports that allow you to have a complete, documented view into your case

Data Recovery

Malicious employees, computer hackers, physical disasters and mistakes can all lead to the destruction of critical data. Even if files are deleted or systems fail, it can still be possible to recover the contents of the system to bring your organization back online quickly.

Electronic Litigation

Organizations can find themselves in a position where a technical expert is needed to defend a lawsuit. Electronic litigation provides the expert testimony that is occasionally required to support a case. Proven methods and proper chain of custody procedures are used to support the evidence in a court of law.

Breach Disclosure

Laws and regulations governing breach disclosures can be tough to understand and keep track of. Requirements can vary from state to state. Some legislation, like the California State Bill 1386, requires companies to notify state residents if any personal information is leaked. 403 Labs helps you stay up-to-date with the requirements that apply to your organization, should a breach occur.

Electronic Discovery (E-Discovery)

In some civil litigation, electronic discovery may be necessary to extract and analyze electronically stored information that could be pertinent to the case. 403 Labs will not only assist with the extraction and analysis of the data, but will also effectively coordinate efforts with lawyers, IT staff and any other relevant parties.

Blog Post: Go Beyond Compliance—Incident Response Plan

If you discover that someone has compromised your network, you will likely have trouble thinking clearly. The time to do that thinking and plan for a security incident is in the conference room when the network is purring along as designed and you can have the full attention of the relevant team members. Bring them together at least annually and take a critical look at your incident preparedness.

During the hundreds of security and compliance assessments that I've helped deliver, I've seen just as many Incident Response Plans (IRP). As you might imagine, the quality varies. While many are designed around a regulatory compliance mandate or a popular template with required and standard language, a common problem that I see is lack of real-world usability.

Many of our readers are subject to one or more regulatory compliance mandates with specific requirements addressing IRP. I'll stay away from those requirements and simply share some usability tips that I hope are helpful.
