Skip content

Incident Response and Digital Forensics

Ensure quick, effective responses to cyber incidents while minimising the impact on your business

LRQA is a National Cyber Security Centre Cyber Incident Exercising and Response Assured Service Provider

Cyber threats are constantly evolving, and businesses must be prepared to respond effectively. A data breach, ransomware attack, or insider threat can cause immense damage to your operations, reputation, and financial health.

Our Digital Forensics and Incident Response services help you minimise the impact of such events. Our CREST-accredited experts provide rapid response, forensic investigation, and post-incident analysis to secure your business against future attacks. By partnering with LRQA, you benefit from a comprehensive cyber incident response strategy, ensuring fast containment, effective remediation, and strengthened defences against future risks.

LRQA is an Assured Service Provider in Cyber Incident Exercising and Cyber Incident Response (Level 2)

Our approach to Incident Response and Digital Forensics

LRQA’s experienced Cyber Incident Response Team is committed to helping you at every stage of the incident response lifecycle. From preparation, eradication, and remediation, through to lessons learnt.

As part of our Managed Incident Response service, we provide a full range of tactical and strategic solutions tailored to your unique environment and organisational needs, ensuring a robust security posture when you need it the most.

Rapid response

Our experts initiate response protocols swiftly, rapidly analysing signs of compromise or breach to provide immediate threat detection and containment.  

 

Hands-on

We provide hands-on technical remediation support, guiding your teams through the process of containment, eradication, and reducing the risk of future breaches.

Command and control

We assign you dedicated cyber incident and engagement managers to aid in the command, control and communications throughout the entire incident response process.

Reporting

Our detailed reports cover impact analysis, recovery status, technical investigation, and executive summaries, providing full visibility into every facet of the incident response and cyber incident management.

Our Cyber Incident Response Services

We work closely with you to ensure you receive the right level of care and preparedness, ranging from basic incident response consultation and triage services to premium-level services with guaranteed SLAs and flexible consumption models.

Service level

24/7 hotline

Guaranteed SLA

Pre-paid hours

Transfer unused hours

Cyber incident and engagement manager

Bronze

 

Checkmark with solid fill

Four hours

 Checkmark with solid fill 

 Checkmark with solid fill 

 Checkmark with solid fill 

Silver

 Checkmark with solid fill

Four hours

 Checkmark with solid fillCheckmark with solid fill

 Checkmark with solid fill 

 Checkmark with solid fill 

Gold

 Checkmark with solid fill

Four hours

 Checkmark with solid fillCheckmark with solid fillCheckmark with solid fill

 Checkmark with solid fill

 Checkmark with solid fill 

Proactive and professional services

Our proactive incident response services help to evaluate your current incident response strategies and help you prepare no matter what stage or maturity level you are currently at. We help you with:

Incident Response Maturity Assessment

Provides valuable insight into your incident response capability covering, people, processes and technology. This assessment benchmarks your incident response against industry standards, providing actionable recommendations for improvement, including a review of your logging capabilities to maximise the effectiveness of your SIEM or SOC solutions.

Compromise Assessment

If you suspect your organisation has been compromised, our reactive compromise assessment can quickly validate whether zero-day exploits or critical vulnerabilities have been exploited, discovering any unknown security breaches, malware, or unauthorised access.

Incident Response Plan and Policy Writing

We work with you to create an incident response plan and policy that is tailored to your organisational needs and aligned to industry best practice. The plan will outline the tools and procedures that your security team will use to identify, eliminate, and recover from cyber security attacks.

Playbook Review

Response to cyber incidents requires a well-planned and repeatable process. Using playbooks, we make sure that your security team know what to do in a particular event. This engagement has been designed to support maturing security teams by reviewing in-use playbooks and providing guidance on best practice as well as how to optimise processes to reduce incident volumes.

Cyber Response Tabletop Exercises

Ensure your security team is prepared with well-defined and repeatable processes for responding to cyber incidents. Our playbook review service supports maturing security teams by optimising existing playbooks and providing best practice guidance to reduce incident volumes.

Cyber security First Responder Training

This one-day training course is designed to prepare your team to act effectively and efficiently against a cyber attack. Ensuring that your team have the correct knowledge to be able to react to a cyber incident and ensure a swift and successful response.

Threat Hunting

This is a proactive service and compliments a Penetration Test to provide you with the confidence you have not been compromised. A Penetration Test is used to identify weaknesses in your infrastructure. A Threat Hunt uses the findings of this test to complete targeted ‘hunting’ to see if any of these weaknesses have been exploited and if an attacker is hiding in your infrastructure.

Ransomware Resilience Assessment

We assess your organisation’s current preparation, security technologies and backup strategy to ensure that you can recover from a ransomware attack. We also assess your maturity in preventing and detecting attackers who are intent on widely distributing ransomware across your endpoints.

Our Digital Forensics capabilities

Digital Forensics is a critical component of our incident response services, focusing on the preservation, identification, extraction and analysis of digital evidence. Our digital forensics team is skilled in uncovering the details behind cyber incidents, ensuring that all relevant data is meticulously analysed to support legal actions, internal investigations, or compliance requirements.  

Digital Forensics Services

Forensic investigation

We conduct in-depth forensic investigations to identify the source, scope, and impact of a cyber incident. Our experts utilise advanced tools and methodologies to examine digital evidence, including data from compromised systems, network logs, and other digital artefacts, providing a clear picture of the attack.

Data preservation and collection

Our experts ensure the integrity of digital evidence by following strict chain-of-custody protocols. We collect and preserve data from affected devices, servers, and networks in a forensically sound manner, maintaining the evidence's integrity for legal or internal purposes.

Malware analysis

We analyse malware and other malicious code to understand their behaviour, entry points, and impact on your systems. This analysis helps in identifying vulnerabilities exploited during the attack and aids in developing effective countermeasures.

Incident reconstruction

Our experts reconstruct the timeline of the cyber incident, detailing how the attack unfolded and identifying the attacker’s actions. This helps in understanding the full extent of the breach and assists in the development of more robust defences.

Expert witness services

When needed, our forensic specialists can provide expert witness testimony in legal proceedings, offering professional insights and presenting digital evidence in a clear, comprehensible manner to support your case.

Post-incident forensic analysis

After containment and remediation, our team conducts post-incident forensic analysis to identify any remaining threats and provide recommendations for preventing future incidents. This includes a detailed review of the incident to uncover any overlooked aspects and ensure comprehensive recovery.

Why work with us?

Specialist expertise

Our cyber security experts hold multiple vendor certifications and accreditations as well as highly respected industry accreditations from CREST, the PCI SSC, ISC2, BCI, Chartered Institute of IT, and NCSC CHECK.

Data-driven decision making

In 2023 we created over 150 cyber security detection rules across our security tools to support the quick identification of threats to our clients. We use this information to support you in securing your business assets with the appropriate response activities readying you to tackle current cyber threats.

Everywhere you are

Operating in over 55 countries, with more than 250 dedicated cyber security specialists and over 300 highly qualified information security auditors across the world, we can provide a local service with a globally consistent dedication to excellence.

Award winners

We have been recognised for the breadth and depth of our services – including the TEISS Award for Best Penetration Testing Service in 2024, Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024 and the Stratus Award for Best Managed Cloud Security Service.

The world leader in CREST accreditations

We are proud to be the only organisation in the world with a full suite of accreditations from The Council of Registered Ethical Security Testers (CREST).

Our team of consultants have achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response services and Threat Intelligence. In addition, we were also the first organisation to be CREST accredited for our Security Operation Centre services.

 

 

 

 

 

 

 

 

 

Latest news, insights and upcoming events