IT Forensics

How to use a hacking incident in your favor in the long term

Standards & Certifications

Has your business been hacked?

Or do you notice abnormalities in your networks and are not sure whether attackers are at work?

Then you are probably asking yourself these main questions:

Important: If possible, please do not switch off any systems prematurely! This could permanently destroy important information and warn the attackers.
Too many questions in mind?
Let's talk personally about your situation and develop the right strategy!
Arrange a personal meeting

Our IT forensics experts guide you through the processing of the incident so that you emerge from the situation with increased cyber resilience.

In IT forensics to process an acute incident, 3 things are particularly important:

We need to make sure the attackers can't propagate further into your networks and cause more damage. Intuitively, you might have the impulse to shut down all systems and go completely offline to be on the safe side. But be careful: During a shutdown, important information about the attack is lost, which is crucial for a complete and efficient cleanup of your systems. It is therefore best to contact us immediately before you initiate any measures yourself - we protect your unaffected network areas and data by cleanly separating infiltrated areas without alarming the attacker or covering their tracks.
This makes sense for two reasons: First, we need information to ensure that we really do have your systems "clean" again in the end and that we don't overlook any remaining attackers: For example, if we know which family the malware used belongs to, we can check the entire network for affected areas more efficiently. Secondly, the information collected is an excellent basis for subsequently hardening your IT security for the future. For example, if we know how the attackers were able to get into your systems initially, we can prioritize closing this vulnerability together with you.
It is not uncommon for companies to be hacked again shortly after a successful cyber attack. After all, it is now known what weaknesses the company has. To prevent this from happening to you, use the information from the forensic analysis of the incident to strengthen your IT security over the long term. We are also happy to support you with this step with a comprehensive penetration test and IT security consulting.

If the exact processes of an incident response are not already firmly anchored in your company, it is difficult to keep the reins under control in an acute situation.

That's why we usually hire Mobile Incident Response Team (MIRT), which takes over the crisis management for you on site.

On site for you: Our Mobile Incident Response Team (MIRT)

Lead Investigator


IT Security Specialist


Crisis Manager


Malware Analyst


Host Forensic Scientist


Network Forensic Scientist



This is how the first day of our MIRT works in the event of an incident at your site
(varies according to your human resources and the specific incident):

The crisis team consists of the decision-maker, legally relevant persons (specialist lawyer, DPO, works council), CISO and CIO. In this case, the CISO is authorized to give instructions to the employees of the CIO.
As a rule, a morning meeting for status and task discussion and an evening meeting for a status update and necessary decisions are agreed. If necessary, another meeting takes place at night in a shift cycle of 8 hours.
In a first personal conversation we determine the current situation.
The creation of the daily action plan is based on the inventory discussion.
The specialist team leaders develop technical measures in separate specialist meetings, which are then implemented. Depending on the size of your IT department, there is an overarching IT team instead of specialist teams.
The specialist team leaders give the crisis management team an update on the measures that have been developed and implemented. Necessary decisions are made and the next steps are discussed.

IT forensics by ProSec: Use the expertise of our offensive security analysts

We wear the attacker glasses

Thanks to our many years of experience in penetration testing, we know exactly which attack vectors are particularly attractive and which malware is currently being used more frequently. This gives us and you an advantage in forensic analysis.

Customized service

We do not do mass processing, but take a close look at your situation and your resources. For example, not every company has all the human, technical and procedural resources required for a forensic investigation. In this case we support you with our other services (see below).

We document in an action- and solution-oriented manner

The same applies to IT forensics as to pentesting: in the end, the customer should be armed against future attacks with increased cyber resilience. An important building block for this is our complete, understandable and legally usable documentation.

Have you just been hacked, or do you want to prepare for such a situation?

Then find out everything you need to know about ProSec's Digital Forensic Incident Response (DFIR) services here.