Cyber Forensics Readiness Program

Confidently Respond To and Investigate Cyber-Attacks

The threat landscape is constantly evolving and cyber-attacks are increasing in scale and scope. It is only a matter of time before you are faced with a breach event. Following a breach, a forensic investigation can help you understand what happened, plan remediation, and enhance your existing controls to further minimize the likelihood of a similar incident in the future.

The Cyber Forensics Readiness Program will prepare your Incident Responders and IT personnel to quickly and cost-effectively capture and maintain evidence in a forensically sound manner.

Cyber Forensics Readiness Program Details

Evidence Handling Training Seminar

This on-site, hands-on technical training session will include pre-configuring systems for evidence collection, establishing procedures, evidence acquisition, evidence handling, working with law enforcement and forensic investigators, and reporting to the Incident Response Team. Each participant will receive open source tools and supporting documentation. Four (4) hours of Continuing Professional Education (CPE) Credits are awarded to each participant.

Topics include:

  • Defining cyber scenarios that require digital evidence.
  • Identifying available sources and types of potential evidence.
  • Determining evidence collection requirements.
  • Establishing the capacity for securely acquiring digital evidence.
  • Documenting evidence handling procedures.
  • Collecting RAM, volatile system data, files of interest, disk images, event logs and mobile device data.
  • Securely storing and transmitting evidence.
  • Working with external resources including forensic experts, law enforcement, and legal counsel.
  • Reporting to the Incident Response Team.
  • Conducting Incident Response Exercises.

Incident Response Team Lunch and Learn

The Lunch and Learn session for the Incident Response Team is typically held the same day as the Evidence Handling Training Seminar. This non-technical session will include an introduction to forensic evidence including logs and volatile memory, an overview of evidence handling and the investigative process, and the role of external resources.

Semi-Annual Forensics Collection Exercise

Twice a year, we schedule an exercise for your team that simulates a cyber-attack. Your team will collect, preserve, and transmit evidence to the Sage team within a predefined timeframe.

Additional Program Benefits

Program subscribers will be eligible for priority digital forensics services. Sage’s nForensics team is staffed by industry experts in incident response, digital forensics, electronic discovery, and training. Incident response fees are not included in the subscription.

No one is immune to cyber-attacks