Digital Forensics and Incident Response

Digital Forensics services provided by RSM

Digital Forensics and Incident Response

Computer and network security have become an important part of an organisation’s management control structure. Since most organisations rely on computer systems and related application software to manage and maintain their business information, it is critical that these organisations can ensure the confidentiality, integrity and availability of their data.

When a security incident occurs, an efficient, prompt response is critical to maintaining business operations and minimising the financial impact and reputational damage. It is essential to quickly detect, contain and respond to any threat in the organisation.

While response plans may already be in place, it requires expertise to provide the technical investigative and forensic support to these incidents. Be ready to deal with any cyber security incidents with a forensic expert from the Risk Consulting Incident Response services at RSM.

KEY CONTACTS

Darren Booth
National Head of Security and Privacy Risk Services

E: [email protected]
T:+61 3 9286 8158


How can we help you?

 Locate nearest office

Digital Forensics and incident response
Have a question about workplace health and safety laws? We can assist

Whether you need an experienced team to provide digital forensics investigations or response services at short notice, or assistance in developing your internal forensic and response capabilities, we’re ready to help.

RSM brings a comprehensive team with specialists that can address the needs of our clients.

Our consultants’ expertise centres around assisting clients with time-sensitive incident responses and helping to identify root causes to resolve incidents as expeditiously as possible.

Benefits

A detailed and thorough investigation will provide an organisation with an understanding of the incident’s lifecycle, focusing on the initial control weakness that allowed the attack, through to the trail of compromised systems and data.

RSM will provide a report detailing the investigation, along with recommendations on what could be implemented from a people, process and technology perspective to prevent the incident from reoccurring.

Have a question about workplace health and safety laws? We can assist

Who needs this digital transformation?

Organisations who have become victim of a security incident and are requiring an investigation to identify the root cause of the incident and what data and systems were affected.

The size of the incidents ranges from a single compromised email account to thousands of systems compromised with a very aggressive malware. Typically, our incident response matters run from a few to several hundred compromised systems.

Our focus is on data breach investigations, cyber security and incident response, digital forensic analysis, malware analysis, collection of Electronically Stored Information (ESI), ransomware and intellectual property theft matters. We undertake digital-related investigations on all types of media, ensure compliance with accepted computer forensic protocols and report on cases related to computer crime and digital forensics.

The types of incidents we typically encounter fall into a range of categories including:

  • Malware
  • Ransomware
  • Theft of intellectual property/trade secrets
  • Social engineering attacks
  • Lost or stolen devices
  • Compromised web-based email and file storage accounts

RSM is experienced in conducting ransomware assessments.

We can provide advice on how to manage and respond to a ransomware attack, supporting organisations at all stages from detection through to post incident review. We are also able to assist with simulating a real ransomware attack, assessing the configurations of your logging, monitoring and alerting systems and testing security controls, user susceptibility and incident response procedures.
Our core incident response staff are in Melbourne. We also have other technology and security personnel who participate in cyber incident response and ransomware matters located in Sydney and Perth.

Contact a workplace assurance specialist

Overview of digital technology services

Identifying and attempting to retrieve possible evidence from computers and related systems calls for a series of careful steps. Our team uses an approach designed to:

  • Identifying and attempting to retrieve possible evidence from computers and related systems calls for a series of careful steps. Our team uses an approach designed to:
  • Discover all files on the subject system including existing normal files, deleted yet remaining files, hidden files, password-protected and encrypted files
  • Recover discovered deleted files
  • Investigate the larger enterprise environment, including firewalls, security monitoring solutions, network devices and other systems critical to understanding the events at hand
  • Investigate the larger enterprise environment, including firewalls, security monitoring solutions, network devices and other systems critical to understanding the events at hand
  • Provide expert consultation or testimony as required
  • Reveal the contents of hidden, temporary or swap files used by application programs and the operating system
  • Access protected or encrypted files when possible and legally appropriate
  • Access protected or encrypted files when possible and legally appropriate
  • Develop an overall computer system analysis process, and a listing of all possibly relevant files and discovered file data
  • "Tabletop exercises" - a cyber security incident response tabletop exercise to better evaluate the effectiveness of an organisation’s current Incident Response plan and procedures, as well as to provide recommendations to overcome potential gaps. These exercises can be provided annually to ensure that your organisation is continuously improving its cyber security posture.
RSM offers Workplace health and wellbeing culture assessments

Real estate organisations are a new target as cyberthreats continue to grow

25 May 2020
With the magnitude of security and data breach cases highlighted regularly in the media, most executives of real estate companies are aware that they will likely become a victim of a cyberattack.

Which security framework is right for you?

1 May 2020
With significant data breaches and cyberattacks making headlines almost on a daily basis, many organisations have realised the need for more effective security measures.

Is COVID-19 an excuse to forgo forensic due diligence or integrity checks?

20 April 2020
In the wake of these ever-changing times it is quite natural for businesses and individuals to focus more on survival. This includes staff retainment rather than paying attention to protective control measures including conducting forensic due diligence checks.

Business has changed again - is it time to update your business systems?

14 April 2020
Many businesses were planning to put 2019 behind them and were looking forward to 2020 with some optimism.  However, with the impact COVID-19 being felt by all, the first quarter of 2020 has not gone to plan.

How to cut IT costs when cash flow is tight

9 April 2020
With most businesses across Australia suffering a steep blow to cash flow in the current climate, it’s never been more important to eliminate wasteful spending.

Home office security essentials and tax deductions during COVID-19

26 March 2020
To minimise the spread of COVID-19, businesses across the globe are hurrying to implement remote working for employees.

COVID-19 and a remote workforce - steps to securing your organisation against cyber-attacks

24 March 2020
The global fear surrounding COVID-19 has forced many organisations to develop ‘Coronavirus Plans’ and consider alternate working methods. In an effort to protect the health of employees during this uncertain time, it is also critical to consider the cyber security health of your organisation.  

Pages