Incident Response and Litigation Support

Kroll’s team of elite security experts respond to more than 3,200 cyber incidents a year. They have the resources and expertise to support clients through the entire incident lifecycle, including litigation demands. We help companies maintain their peace of mind in times of crisis.
Contact Us

No matter what type of cybercrime is committed or what data is lost, we have the experience and resources to move quickly and act decisively to isolate and secure compromised data and investigate the digital trail, wherever it may lead. For example, in cases involving malicious insiders, our team can combine computer forensic expertise with exceptional investigative resources and methodology to retrace the behavior of those who may have had access to protected or proprietary information.

In response to digital attacks originating outside the company, including malware, ransomware or an email account compromise, Kroll’s cyber investigation teams collect and examine physical and digital evidence to determine where, when and how an incident occurred—and if there are any remaining threats within the systems. Our experts will quickly determine what data was compromised and what digital evidence may have been erased or modified. They will also work with clients to recover data whenever possible and recreate events and exchanges to accurately diagnose the problem so they can develop and implement an effective recovery plan.


With the rising concerns of ransomware and intrusions that leverage data exfiltration, Kroll’s incident response teams have not only the experience to properly investigate the many aspects of risk to data, but also the technical understanding of how to properly contain the threat and eject active actors from compromised networks.

– Devon Ackerman, Managing Director, Head of Incident Response, North America

Insider Threat Investigation

Watch Michael Quinn, a managing director in our practice, recount an insider threat investigation his team conducted.

A global software company based in Europe received an email from an anonymous source stating the sender had access to personally identifiable information, confidential financial data and IP source code for one of its subsidiaries. The sender gave Kroll’s client two weeks to pay a ransom of one million euros in bitcoin before it was leaked. Kroll's forensic investigators ascertained that an insider threat was the source of the infiltration, identified the individual responsible and provided the necessary evidence to assist with a prosecution.

For more details, read the full case study.

Trial-Tested Litigation Support Services

Kroll’s litigation support services team works in tandem with our incident responders to optimize the investigation process, expedite data collection either remotely or onsite, and deliver case-changing insights.

Unique Threat Intelligence Expertise

Kroll experts have unique experience from international intelligence agencies including the FBI, DOJ, GCHQ and Europol. Our cadre of experts also hold more than 100 types of industry certifications.

Flexible Incident Response Retainers

Kroll incident response retainers are designed to provide peace of mind and offer maximum flexibility. Get access to elite digital forensics and incident response capabilities, alongside an array of proactive services that ensure you get tangible value.

Cyber Insurance Preferred Partner

Kroll has a dedicated team for insurance and legal channels, with extensive relationships with 50+ cyber insurance brokers and carriers worldwide and exclusive benefits to insureds.


Enabling Diligent, Seamless Response Worldwide

Enabling Diligent, Seamless Response Worldwide 

Kroll’s cybercrime investigation teams use a multidisciplinary problem-solving and leadership approach. In the event of litigation or regulatory action, we can work closely with in-house or outside counsel, senior executives and audit committees through each stage to provide frequent updates and assure company objectives are being met. If requested, we can assemble a case file for a referral to any relevant regulatory or law enforcement agency or serve as expert witnesses in any subsequent litigation.

Kroll Cyber Incident Response and Litigation Support

Our comprehensive incident response and cyber investigation services include the following: 

  • 24x7 Incident Response
    Whether it’s a ransomware attack, malicious hacker or accidental exposure by an employee, Kroll’s global network of certified security and digital forensic experts provide rapid response, deploying remote solutions to anywhere in the world and/or arriving onsite within hours to help companies contain the situation and determine next steps. 
  • Digital Forensics
    Kroll’s computer forensics experts can assist at any stage of investigation or litigation – no matter how many data sources and locations – to ensure no digital evidence is lost or overlooked.  
  • Cyber Litigation Support
    Whether it’s responding to an investigatory matter, forensic discovery demand or data security incident, Kroll’s forensic engineers help our clients win cases and mitigate any losses. Many of our team members have considerable experience providing expert testimony, presenting findings to judges, juries and arbitrators. A number of our experts have also served as special masters at the court’s appointment.
  • PCI Forensic Investigator
    Kroll’s PCI forensic investigators (PFIs) use proven investigations methods to determine whether cardholder data has been compromised as well as the detail and scope of any potential exposure. Our PFI investigators can also conduct PCI Security Standard Council-mandated investigations.
  • Data Recovery and Forensic Analysis
    Our experienced experts use cutting edge forensic software and protocols to gather and preserve data from every part of a company’s system and network – servers to laptops to mobile devices.  They use proven, forensically sound methods to handle evidence with data recovery tools that are supported by case law.
  • Malware and Advanced Persistent Threat Detection
    Kroll’s skilled cyber security consultants and network forensic experts perform live system memory and forensic analysis on continually evolving malware. This allows us to determine the scope and intent of any advanced persistent threats to help clients launch a more targeted and effective response.  
  • Incident Response Threat Simulations
    Kroll’s Cyber Risk team has led hundreds of cyber tabletop exercises (TTX) for client organizations of various sizes, complexity and industry sectors. Following our seven-step process, a Kroll TTX gives participants a chance to rehearse and develop greater confidence in their roles in a cyber incident response plan.  

Many more solutions are available, use the links on this page to explore them further or speak to a Kroll expert today via our 24x7 cyber incident hotlines or our contact page.

Stay Ahead with Kroll

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Incident Response and Litigation Support

Kroll’s elite security leaders deliver rapid responses for over 3,200 incidents per year and have the resources and expertise to support the entire incident lifecycle.

Kroll Responder

Stop cyberattacks. Kroll’s managed detection and response services are powered by an elite team of seasoned cyber risk experts and frontline threat intelligence to deliver unrivaled response.

System Assessments and Testing

Kroll’s field-proven cyber security assessment and testing solutions help identify, evaluate and prioritize risks to people, data, operations and technologies worldwide.

Cyber Governance and Risk

Manage cyber risk and information security governance issues with Kroll’s defensible cyber security strategy framework.

Notification, Call Centers and Monitoring

Kroll’s data breach notification, call centers and monitoring team brings unique expertise to global incident response to help clients efficiently manage regulatory and reputational needs.