At times clients need additional support while recovery from a major cyber security incident. Tracepoint can deploy engineers to the client site that can assist the client with the collection of evidence as well as with restoration and recovery efforts to bring systems back online for production. The work is conducted at the direction of client and its end goal is to get the computer systems back up to operational order.

Planning, Assessment & Consultation

Tracepoint will plan, communication and interact with client staff to obtain technical data and client needs, review infrastructure, determine backup feasibility, and determine specialty needs for client recovery either remotely or physically onsite.

Key Services:

  • Onsite or remote technical consultation.

  • Review network structure, resources, and any non‐identified technical needs.

  • Identify critical network assets and priority listing for restoration/recovery.

  • Determine feasibility of available backups.

  • Attend meetings and conference calls for routine status updates

  • Project management

Staff Augmentation Services

Tracepoint will provide staff augmentation services to assist Client IT in all aspects of investigation and recovery process either remotely or physically onsite.

Key Services:

  • Assist client IT with evidence preservation and collection of requested system forensic images and triage script datasets for analysis.

  • Assist client IT with collecting and preservation of existing logs on systems and network equipment for analysis.

  • Assist client IT with the installation of endpoint technology, if needed, at the direction of counsel.

Containment, Restoration & Recovery

Tracepoint will provide containment strategy, restoration, and recovery services through augmented personnel either remotely or physically onsite.

Key Services:

  • Provide containment strategy to remove or reduce ability of threat actor to gain access to the network.

  • Workstation Imaging and Application Installations, as required, to support recovery and restoration. 

  • Restore/rebuild operating systems, network devices and other systems supporting recovery and restoration.

  • Restore/rebuild enterprise authentication systems (ie. Active Directory, DHCP), If required to support recovery and restoration.

  • Remediate workstations and services to remove persistent traces of malware from identified systems.

Decryption Support

Tracepoint can provide support to client IT for decryption restoration either remotely or physically onsite if decryption keys become available.

Key Services:

  • Assist client IT with requisite files and data for decryption support.

  • Determine priority systems and develop decryption roll out plan based on critical needs.

  • Decrypt affected files and systems per decryption roll out plan.

  • Review files, databases, and systems for corruption and discrepancies versus original, as possible.

  • Facilitate advanced support for abnormal corrupted critical files, as possible.

Get Started

Ready for full-service cyber incident response, remediation and recovery solutions? Get in touch & we'll handle the rest.