Incident response

This service covers gathering the elements needed to build an incident case, handling a threat that is still present in your information system (I.S.), and collecting and handing over the data needed to carry out a digital forensic investigation. It can be combined with a digital forensic service.

Steps

Below is a list of the steps the COGICEO CSIRT follows when handling an incident:

  1. Context retrieval.
  2. Evaluation of the impacted perimeter.
  3. Preparation of the defense plan.
  4. Evaluation of the collection method.
  5. Preparation of collection tools.
  6. Receipt of I.S. access.
  7. Verification of I.S. access.
  8. Data collection.
  9. Delivery of collected data and incident report.

Types of incidents

Below is a list of incident topics we have encountered:

  • Web front-ends (Apache Tomcat, NGINX).
  • Microsoft Exchange on-premises mail service.
  • Microsoft Active Directory domain controller.
  • Microsoft Active Directory domain.
  • Workstations (Windows).
  • Core banking system.
  • AS/400.
  • Microsoft Office 365 user account.

Contact

🕑 9:30 AM - 6:30 PM CET/CEST
📅 Monday - Friday
📞 +33 (0)1.88.333.725
📧 csirt@cogiceo.com
🔑 COGICEO CSIRT PGP key
Key ID 8031 61C4 3EAB F642
Fingerprint 434E 6D2B D789 82A8 DF25 D2C7 8031 61C4 3EAB F642