Computer and network security have become an important part of an organisation’s management control structure. 

Since most organisations rely on computer systems and related application software to manage and maintain their business information, it is critical that these organisations can ensure the confidentiality, integrity and availability of their data.

When a security incident occurs, an efficient, prompt response is critical to maintaining business operations and minimising the financial impact and reputational damage. It is essential to quickly detect, contain and respond to any threat in the organisation.

While response plans may already be in place, providing technical investigative and forensic support for these incidents requires expertise. Be ready to deal with any cyber security incident with a forensic expert from the Risk Consulting Incident Response services at RSM.

Whether you need an experienced team to provide digital forensics investigations or response services at short notice, or assistance in developing your internal forensic and response capabilities, we’re ready to help. RSM brings a comprehensive team with specialists that can address the needs of our clients.

KEY CONTACT

 Darren Booth                    
Partner

E: [email protected]

T: +61 3 9286 8158

 Ashwin Pal                    
Partner

E: [email protected]

T: +61 2 8226 4858

 Riaan Bronkhorst                    
Partner

E: [email protected]

T: +61 8 9261 9272

How can we help you?

Our consultants’ expertise centres around assisting clients with time-sensitive incident responses and helping to identify root causes to resolve incidents as expeditiously as possible.


A detailed and thorough investigation will provide an organisation with an understanding of the incident’s lifecycle, focusing on the initial control weakness that allowed the attack, through to the trail of compromised systems and data.

RSM will provide a report detailing the investigation, along with recommendations on what could be implemented from a people, process and technology perspective to prevent the incident from reoccurring.

We work with organisations that have become victims of a security incident and require an investigation to identify the root cause of the incident and which data and systems were affected.

The size of the incidents ranges from a single compromised email account to thousands of systems compromised with very aggressive malware. Typically, our incident response matters run from a few to several hundred compromised systems.

Our focus is on data breach investigations, cyber security and incident response, digital forensic analysis, malware analysis, collection of Electronically Stored Information (ESI), ransomware and intellectual property theft matters. We undertake digital-related investigations on all types of media, ensure compliance with accepted computer forensic protocols and report on cases related to computer crime and digital forensics.

The types of incidents we typically encounter fall into a range of categories including:

  • Malware
  • Ransomware
  • Theft of intellectual property/trade secrets
  • Social engineering attacks
  • Lost or stolen devices
  • Compromised web-based email and file storage accounts

RSM is experienced in conducting ransomware assessments.

We can provide advice on how to manage and respond to a ransomware attack, supporting organisations at all stages from detection through to post-incident review. We are also able to assist with simulating a real ransomware attack, assessing the configurations of your logging, monitoring and alerting systems and testing security controls, user susceptibility and incident response procedures.

Our core incident response staff are in Melbourne. We also have other technology and security personnel who participate in cyber incident response and ransomware matters located in Sydney and Perth.

Identifying and attempting to retrieve possible evidence from computers and related systems calls for a series of careful steps. Our team uses an approach designed to:

  • Discover all files on the subject system including existing normal files, deleted yet remaining files, hidden files, password-protected and encrypted files
  • Recover discovered deleted files
  • Investigate the larger enterprise environment, including firewalls, security monitoring solutions, network devices and other systems critical to understanding the events at hand
  • Provide expert consultation or testimony as required
  • Reveal the contents of hidden, temporary or swap files used by application programs and the operating system
  • Access protected or encrypted files when possible and legally appropriate
  • Develop an overall computer system analysis process, and a listing of all possibly relevant files and discovered file data
  • "Tabletop exercises" - a cyber security incident response tabletop exercise to better evaluate the effectiveness of an organisation’s current Incident Response plan and procedures, as well as to provide recommendations to overcome potential gaps. These exercises can be provided annually to ensure that your organisation is continuously improving its cyber security posture.