No matter what type of cybercrime is committed or what data is lost, we have the experience and resources to move quickly and act decisively to isolate and secure compromised data and investigate the digital trail, wherever it may lead. For example, in cases involving malicious insiders, our team can combine computer forensic expertise with exceptional investigative resources and methodology to retrace the behavior of those who may have had access to protected or proprietary information.
In response to digital attacks originating outside the company, including malware, ransomware or an email account compromise, Kroll’s cyber investigation teams collect and examine physical and digital evidence to determine where, when and how an incident occurred—and if there are any remaining threats within the systems. Our experts will quickly determine what data was compromised and what digital evidence may have been erased or modified. They will also work with clients to recover data whenever possible and recreate events and exchanges to accurately diagnose the problem so they can develop and implement an effective recovery plan.
– Devon Ackerman, Managing Director, Head of Incident Response, North AmericaWith the rising concerns of ransomware and intrusions that leverage data exfiltration, Kroll’s incident response teams have not only the experience to properly investigate the many aspects of risk to data, but also the technical understanding of how to properly contain the threat and eject active actors from compromised networks.
A global software company based in Europe received an email from an anonymous source stating the sender had access to personally identifiable information, confidential financial data and IP source code for one of its subsidiaries. The sender gave Kroll’s client two weeks to pay a ransom of one million euros in bitcoin before it was leaked. Kroll's forensic investigators ascertained that an insider threat was the source of the infiltration, identified the individual responsible and provided the necessary evidence to assist with a prosecution.
For more details, read the full case study.
Kroll’s cybercrime investigation teams use a multidisciplinary problem-solving and leadership approach. In the event of litigation or regulatory action, we can work closely with in-house or outside counsel, senior executives and audit committees through each stage to provide frequent updates and assure company objectives are being met. If requested, we can assemble a case file for a referral to any relevant regulatory or law enforcement agency or serve as expert witnesses in any subsequent litigation.
Our comprehensive incident response and cyber investigation services include the following:
Many more solutions are available, use the links on this page to explore them further or speak to a Kroll expert today via our 24x7 cyber incident hotlines or our contact page.
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Kroll’s elite security leaders deliver rapid responses for over 3,200 incidents per year and have the resources and expertise to support the entire incident lifecycle.
Stop cyberattacks. Kroll’s managed detection and response services are powered by an elite team of seasoned cyber risk experts and frontline threat intelligence to deliver unrivaled response.
Kroll’s field-proven cyber security assessment and testing solutions help identify, evaluate and prioritize risks to people, data, operations and technologies worldwide.
Manage cyber risk and information security governance issues with Kroll’s defensible cyber security strategy framework.
Kroll’s data breach notification, call centers and monitoring team brings unique expertise to global incident response to help clients efficiently manage regulatory and reputational needs.
by Eric Zimmerman, Andrew Rathbun
by David White
by George Glass
by Dave Truman