For many companies investigating a device-specific security incident, standard procedure is to remove the affected device from the network prior to reinstalling it.
Unfortunately, vital evidence regarding the cause and effect of the incident is subsequently destroyed. That leaves the organisation no wiser and, more importantly, still exposed to the same or similar attacks in the future.
Even large companies with fleshed-out security teams can lack the time, human resources or an adequate data-gathering tool for same-day device scanning.
Our Remote Incident Response Kit is designed to rapidly gather all security-related data from a device and to furnish incident responders with evidence. As such, the software acts as a data collector, an automated forensics backend server, and a reporting module.
Well-suited forensics software for large organisations
For large security teams comprising professional incident responders, the Remote Incident Response Kit is an essential stand-alone tool for gathering data quickly, so that internal security specialists can analyse the device’s artefacts for malicious activity.
Quick and easy forensics software for small organisations
For smaller organisations that lack professional incident responder skills, the Remote Incident Response Kit is quick and easy to run. Thereafter, CSIS offers access to 24/7 forensics security specialists who ensure that the forensics analysis is complete and accurate, and that the correct conclusions have been drawn before recommendations are made.
Supports all Windows-based client operating systems actively supported by Microsoft, and in all Microsoft-supported languages.
Also available for Android devices, and can be downloaded from the Google Play store.
1. You have a security incident you want to investigate.
- e.g. a device is infected with ransomware.
2. You have a suspicion that a security incident has occurred and you want to investigate it.
- e.g. your browser crashes after clicking on a link.
3. You want to make a routine investigation.
- e.g. you have been to a series of conferences in the Far East.
4. You want to do “real time” threat hunting.
- e.g. you run the software periodically on high-profile targets in your organisation.
If you have an SLA with CSIS:
When malicious activities have been detected, the report documents:
The reports can be used for legal proceedings, for auditing purposes, or even as crisis management background material.