Incident Response and Litigation Support
Kroll’s team of elite security experts respond to more than 3,200 cyber incidents a year. They have the resources and expertise to support clients through the entire incident lifecycle, including litigation demands. We help companies maintain their peace of mind in times of crisis.Contact us
No matter what type of cybercrime is committed or what data is lost, we have the experience and resources to move quickly and act decisively to isolate and secure compromised data and investigate the digital trail, wherever it may lead. For example, in cases involving malicious insiders, our team can combine computer forensic expertise with exceptional investigative resources and methodology to retrace the behavior of those who may have had access to protected or proprietary information.
In response to digital attacks originating outside the company, including malware, ransomware or an email account compromise, Kroll’s cyber investigation teams collect and examine physical and digital evidence to determine where, when and how an incident occurred—and if there are any remaining threats within the systems. Our experts will quickly determine what data was compromised and what digital evidence may have been erased or modified. They will also work with clients to recover data whenever possible and recreate events and exchanges to accurately diagnose the problem so they can develop and implement an effective recovery plan.
– Devon Ackerman, Managing Director, Head of Incident Response, North America
With the rising concerns of ransomware and intrusions that leverage data exfiltration, Kroll’s incident response teams have not only the experience to properly investigate the many aspects of risk to data, but also the technical understanding of how to properly contain the threat and eject active actors from compromised networks.
Trial-Tested Litigation Support Services
Kroll’s litigation support services team works in tandem with our incident responders to optimize the investigation process, expedite data collection either remotely or onsite, and deliver case-changing insights.
Unique Threat Intelligence Expertise
Kroll experts have unique experience from international intelligence agencies including the FBI, DOJ, GCHQ and Europol. Our cadre of experts also hold more than 100 types of industry certifications.
Flexible Incident Response Retainers
Kroll incident response retainers are designed to provide peace of mind and offer maximum flexibility. Get access to elite digital forensics and incident response capabilities, alongside an array of proactive services that ensure you get tangible value.
Cyber Insurance Preferred Partner
Kroll has a dedicated team for insurance and legal channels, with extensive relationships with 50+ cyber insurance brokers and carriers worldwide and exclusive benefits to insureds.
Enabling Diligent, Seamless Response Worldwide
Kroll’s cybercrime investigation teams use a multidisciplinary problem-solving and leadership approach. In the event of litigation or regulatory action, we can work closely with in-house or outside counsel, senior executives and audit committees through each stage to provide frequent updates and assure company objectives are being met. If requested, we can assemble a case file for a referral to any relevant regulatory or law enforcement agency or serve as expert witnesses in any subsequent litigation.
Kroll Cyber Incident Response and Litigation Support
Our comprehensive incident response and cyber investigation services include the following:
- 24x7 Incident Response
Whether it’s a ransomware attack, malicious hacker or accidental exposure by an employee, Kroll’s global network of certified security and digital forensic experts provide rapid response, deploying remote solutions to anywhere in the world and/or arriving onsite within hours to help companies contain the situation and determine next steps.
- Digital Forensics
Kroll’s computer forensics experts can assist at any stage of investigation or litigation – no matter how many data sources and locations – to ensure no digital evidence is lost or overlooked.
- Cyber Litigation Support
Whether it’s responding to an investigatory matter, forensic discovery demand or data security incident, Kroll’s forensic engineers help our clients win cases and mitigate any losses. Many of our team members have considerable experience providing expert testimony, presenting findings to judges, juries and arbitrators. A number of our experts have also served as special masters at the court’s appointment.
- PCI Forensic Investigator
Kroll’s PCI forensic investigators (PFIs) use proven investigations methods to determine whether cardholder data has been compromised as well as the detail and scope of any potential exposure. Our PFI investigators can also conduct PCI Security Standard Council-mandated investigations.
- Data Recovery and Forensic Analysis
Our experienced experts use cutting edge forensic software and protocols to gather and preserve data from every part of a company’s system and network – servers to laptops to mobile devices. They use proven, forensically sound methods to handle evidence with data recovery tools that are supported by case law.
- Malware and Advanced Persistent Threat Detection
Kroll’s skilled cyber security consultants and network forensic experts perform live system memory and forensic analysis on continually evolving malware. This allows us to determine the scope and intent of any advanced persistent threats to help clients launch a more targeted and effective response.
- Incident Response Threat Simulations
Kroll’s Cyber Risk team has led hundreds of cyber tabletop exercises (TTX) for client organizations of various sizes, complexity and industry sectors. Following our seven-step process, a Kroll TTX gives participants a chance to rehearse and develop greater confidence in their roles in a cyber incident response plan.