Post-incident analysis (including malware analysis)

Post-incident analysis – encompassing manual and automated malware analysis – comprises investigation of the attacker’s actions, identification of the tools and methods used, and detection of rootkits, backdoors, keyloggers and Trojan horses.

Within the scope of a post-incident analysis the following activities are carried out:

  • securing a copy of the virtual machine
  • analyzing modifications to logs and configuration files
  • analyzing changes to permissions for particular files
  • analyzing other data to identify the attacker and the time and manner of the attack
  • analyzing the potential scope of a data leak