IT Forensics

How to use a hacking incident in your favor in the long run

Standards & Certifications

Has your company been hacked?

Or do you notice anomalies in your networks and aren't sure if attackers are at work?

Then you are probably mainly asking yourself these questions:

Important: If possible, please do not shut down systems prematurely! This could permanently destroy important information and warn the attackers.
Too many questions in your head?
Let's talk personally about your situation and develop the right strategy!
Arrange personal meeting

Our IT forensics experts will guide you through the incident handling process so that you emerge from the situation with increased cyber resilience at the end.

When it comes to IT forensics to work through an acute incident, 3 things in particular are critical:

We need to make sure that the attackers can't spread further into your networks and cause any more damage. Intuitively, you may have the impulse to shut down all systems and go completely offline, just to be on the safe side. But beware: during a shut-down, important information about the attack is lost, which is crucial for a complete and efficient cleanup of your systems. So it's best to contact us immediately before you take any action yourself - we will protect your network areas and data that have not yet been affected by cleanly separating them from infiltrated areas, without startling the attacker or covering any traces.
This makes sense for two reasons: First, we need information to make sure that we really "clean" your systems again in the end and that we don't miss any remaining attackers: For example, if we know which family the deployed malware belongs to, we can more efficiently scan your entire network for affected areas. Secondly, the information we collect is an excellent basis for subsequently hardening your IT security for the future. For example, if we know how the attackers were initially able to get into your systems, we can work with you to close this vulnerability in a prioritized manner.
It is not uncommon for companies to be hacked again shortly after a successful cyber attack. After all, it is now known what vulnerabilities the company has. To prevent this from happening to you, use the information from the forensic analysis of the incident to sustainably harden your IT security. We are also happy to support you in this step with a comprehensive penetration test and IT security consulting.

If the exact procedures of an incident response are not already ingrained in your organization, it is difficult to keep a tight rein on the acute situation.

That's why we usually provide a Mobile Incident Response Team (MIRT) to handle crisis management for you at your site.

On site for you: Our Mobile Incident Response Team (MIRT)

Head of Investigation


IT Security Specialist


Crisis Manager


Malware Analyst


Host Forensics


Network Forensics



Here's how a first day of our MIRT runs in the event of an incident at your site from
(varies according to your staff resources and the specific incident):

The crisis team consists of the decision-maker, legally relevant persons (specialist lawyer, DPO, works council), CISO and CIO. In this case, the CISO is authorized to issue instructions to the CIO's employees.
As a rule, a morning meeting is arranged for status and task discussion and an evening meeting for a status update and necessary decisions. If necessary, another meeting is held at night on an 8-hour shift cycle.
In an initial personal meeting, we determine the current status.
The creation of the daily action plan is based on the stocktaking conversation.
The specialist team leaders develop technical measures in separate specialist meetings, which are then implemented. Depending on the size of your IT department, there may be an overarching IT team instead of specialist teams.
The specialist team leaders give the crisis team an update on measures developed and implemented. Necessary decisions are made and the next steps are discussed.

IT Forensics by ProSec: Benefit from the expertise of our offensive security analysts

We wear the attacker glasses

Thanks to our many years of experience in penetration testing, we know exactly which attack vectors are particularly attractive and which malware is currently being used more frequently. This gives us and you an advantage in forensic analysis.

Individual service made to measure

We do not engage in mass processing, but take a close look at your situation and resources. For example, not every company has all the human, technical and procedural resources necessary for forensic processing. In this case, we support you with our other services (see below).

We document in an action and solution-oriented manner

The same applies to IT forensics as to pentesting: At the end of the day, the customer should be armed with increased cyber resilience against future attacks. An important building block for this is our complete, comprehensible documentation that can be used in court.

Have you just been hacked or do want to prepare for this eventuality?

Then learn everything you need to know about ProSec's Digital Forensic Incident Response (DFIR) services here.


Emerge stronger from a cyber attack
The topic of IT forensics is about the processing of a (successful) hacking attack. The focus here is on

● Efficient mitigation
● Professional documentation and
● Use of findings for security hardening.