What the first 72 hours look like
When you call our 24/7 hotline, a licensed investigator is on the phone in minutes. Within an hour we have an NDA, a secure communications channel, and a triage scope. Within 24 hours we typically have endpoint containment in place and are ingesting logs into our IR platform.
- Endpoint containment via Velociraptor, KAPE, or your existing EDR
- Log collection from M365/Entra ID, Google, firewalls and SIEM
- Ransomware triage: strain identification, negotiator liaison, recovery options
- Business email compromise (BEC) investigation and wire-fraud tracing
- Breach-notification counsel coordination (state AG, HHS, GDPR, SEC)
- Root-cause analysis and rebuild advisory
Counsel-led by default
Where appropriate, we work under your outside counsel’s direction to preserve attorney-client privilege and protect work product during regulatory and litigation exposure.