Root Cause Analysis — Post-incident forensics
Forensic-grade post-incident analysis with full timeline reconstruction, IOC mapping, and a remediation roadmap to prevent recurrence.
Coverage that goes deep.
- Memory & disk forensics
- Log correlation across systems
- Network traffic analysis (pcap)
- Malware reverse engineering
- Persistence mechanism identification
- IOC extraction & threat actor attribution
- Containment & eradication plan
- Timeline: 5–15 business days (post-incident)
- Methodology: SANS PICERL, NIST 800-61r2, MITRE ATT&CK, Diamond Model
- Category: Defensive
- Re-test: Included after fixes
Every engagement is led by a CRTO/OSCP-certified senior engineer with named accountability.
What you get back.
A structured deliverable pack you can hand to engineers, auditors and the board.
- Incident timeline
- IOC list (STIX format)
- Root cause report
- Remediation roadmap
How we work.
Scope
Confidential scoping call. We agree assets, environments, exclusions and timing.
Test
Active testing per agreed methodology, with daily check-ins on critical findings.
Report
Executive + technical deliverables. CXO presentation if you want it.
Retest
Re-test included after your team applies fixes. Certificate issued on pass.
Common questions.
How fast can you start?
Tell us about your environment.
A 30-minute scoping call — confidential, NDA-protected, complimentary. Our senior security team will respond within 4 business hours.
- Named senior engineer on every project
- In-house tools in production · ISO 27001 aligned practices
- 4-hour breach SLA · 5–10 day delivery