Adam Malone
Global Head, Acute Events
Cyber and Data Resilience
Atlanta
Incident Response and Litigation Support
Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle, including litigation demands. Gain peace of mind in a crisis.
Contact UsKroll is the largest global incident response provider with unrivalled expertise and frontline threat intel to protect, detect and respond against attacks on the digital and physical frontiers.
No matter the type of data loss or cybercrime, Kroll has the experience and resources (human and technology) to move quickly, to discern, isolate and secure valuable relevant data and investigate the digital trail, wherever it may lead. For example, in the case of malicious insiders, we can combine computer forensic expertise with traditional investigative methodology, including interviews and surveillance, to retrace the behavior of people who may have had access to protected or proprietary information.
In the event of digital attacks, such as malware, ransomware or email account compromise, Kroll’s cyber investigation teams can collect and examine physical and digital evidence to uncover important information, such as where, when and how an incident occurred—and if systems are still at risk. We will determine what data was compromised and whether digital evidence was erased or modified. We will also work with your teams to recover data, whenever possible, and recreate events and exchanges so that you have an accurate diagnosis to develop an effective recovery plan.
Digital attacks oftentimes may include a physical component, including infiltration of local offices within an organization or tangible threats to staff, executives and boards. Our cyber team works hand-in-hand with Kroll’s enterprise security risk management experts to ensure that organizations are protected on all fronts following an incident.
Case Study – Insider Threat Investigation
A global software company based in Europe received an email from an anonymous source stating the sender had access to personally identifiable information, confidential financial data and IP source code for one of its subsidiaries. The sender gave Kroll’s client two weeks to pay a ransom of one million euros in bitcoin before it was leaked. Kroll's forensic investigators got to work – ascertaining that the information in question could only have come from an insider threat. Our experts identified the individual responsible – a former employee - and provided the necessary evidence to assist with a prosecution and eventual conviction.
For more details, read the full case study.
Trial-Tested Litigation Support Services
Kroll’s litigation support services team works in tandem with our incident responders to optimize the investigation process, expedite data collection either remotely or onsite, perform eDiscovery and deliver case-changing insights.
Unique Threat Intelligence Expertise
Kroll experts have unique experience from international intelligence agencies including the FBI, DOJ, GCHQ and Europol. Our cadre of experts also hold more than 100 types of industry certifications.
Flexible Incident Response Retainers
Kroll incident response retainers are designed to provide peace of mind and offer maximum flexibility. Get access to elite digital forensics and incident response capabilities, alongside an array of proactive services that ensure you get tangible value.
Cyber Insurance Preferred Partner
Kroll has a dedicated team for insurance and legal channels, with extensive relationships with 50+ cyber insurance brokers and carriers worldwide and exclusive benefits to insureds.
Enabling Diligent, Seamless Response Worldwide
Elite DFIR | Litigation Support | Intelligence Platform |
|---|---|---|
|
|
|
Communication | Remediation and Recovery | Notification |
|---|---|---|
|
|
|
Kroll’s cybercrime investigation experts reflect our multidisciplinary team approach to problem-solving and leadership. In the event of litigation or regulatory action, we can work closely with general counsel, senior executives, audit committees or outside counsel at each stage to explicate forensics data and assure your objectives are met. If requested, we can assemble a case file for a referral to a regulator or law enforcement agency or serve as expert witnesses.
Kroll Cyber Incident Response and Litigation Support
Below are a select few of our services available to support incident response, eDiscovery and cyber investigations:
- 24x7 Incident Response
Whether your incident is the result of a malicious hacker or accidental exposure by an employee, Kroll can help. Our global network of certified security and digital forensic experts can deploy remote solutions quickly and/or be onsite within hours to help you contain the situation and determine next steps. - Digital Forensics
Kroll’s computer forensics experts help ensure no digital evidence is overlooked and assist at any stage of a digital forensics investigation or litigation, regardless of the number or location of data sources. - Cyber Litigation Support
If you need to respond to an investigatory matter, forensic discovery demand or information security incident, Kroll’s forensic engineers can help you win cases and mitigate losses. Many of our experts have considerable expert testimony experience in presenting findings to judges, juries and arbitrators, with many having served as special masters at the court’s appointment. - Global eDiscovery Solutions
Kroll's eDiscovery specialists can provide support throughout the entire eDiscovery lifecycle for a wide arrange of matters. - PCI Forensic Investigator
Kroll’s PCI forensic investigators (PFIs) will help determine if, when and/or how cardholder data compromise may have occurred, using proven investigative methodologies and tools. Our PFI investigators can also conduct PCI Security Standard Council-mandated investigations.
- Data Recovery and Forensic Analysis
Our experienced experts use advanced forensic software and protocols to collect and preserve data collection from every aspect of your digital environment—servers to laptops to smartphones. We handle evidence with proven, forensically sound methodology, using data recovery tools and processes that are supported by case law. - Malware and Advanced Persistent Threat Detection
Kroll’s specially trained information security consultants and network forensic analysts perform live system memory and forensic analysis on continually evolving malware. We are also experienced in determining the scope and intent of advanced persistent threats so you can launch a more targeted and effective response. - Incident Response Threat Simulations
Kroll follows a seven-step process refined by our experience leading hundreds of cyber tabletop exercises (TTX) for client organizations of various sizes, complexity and industry sectors. Participating in a Kroll TTX helps your team clarify and rehearse their roles and develop greater confidence to perform effectively in the event of an incident. - Incident Recovery and Remediation
Expedite system recovery and minimize business disruption, with services including device and server reimaging, active directory rebuilding, network segmentation, hardware upgrades or replacements, patch management and network hardening.
Looking for Business Continuity/Disaster Recovery Solutions?
Disruptions can happen anywhere, anytime. As threats grow in the digital sphere, organizations remain vulnerable to onsite attacks, including natural disasters, workplace violence and a range of other physical threats. A well-structured business continuity and disaster recovery plan emphasizes the safety of employees, security of data and the quick recovery and maintenance of essential functions. Reach out to our business continuity experts to develop a comprehensive plan for unforeseeable events that could affect your business.Many more solutions are available, use the links on this page to explore them further or speak to a Kroll expert today via our 24x7 cyber incident hotlines or our contact page.
Key Areas
Data Collection and Preservation
Improve investigations and reduce your potential for litigation and fines with the strict chain-of-custody protocol our experts follow at every stage of the data collection process.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Office 365 Security, Forensics and Incident Response
Digital forensic experts investigate hundreds of Office 365 incidents per year and help strengthen your security.
Malware Analysis and Reverse Engineering
Kroll’s Malware Analysis and Reverse Engineering team draws from decades of private and public-sector experience, across all industries, to deliver actionable findings through in-depth technical analysis of benign and malicious code.
Malware and Advanced Persistent Threat Detection
Our expertise allows us to identify and analyze the scope and intent of advanced persistent threats to launch a targeted and effective response.
Business Email Compromise (BEC) Response and Investigation
In a business email compromise (BEC) attack, fast and decisive response can make a tremendous difference in limiting financial, reputational and litigation risk. With decades of experience investigating BEC scams across a variety of platforms and proprietary forensic tools, Kroll is your ultimate BEC response partner.
Global eDiscovery Services
Award winning, Forrester-recognized eDiscovery specialist trusted by clients year after year with experienced professionals who provide support throughout the entire eDiscovery lifecycle.
Cyber Litigation Support
Whether responding to an investigatory matter, forensic discovery demand, or information security incident, Kroll’s forensic engineers have extensive experience providing litigation support and global eDiscovery services to help clients win cases and mitigate losses.
CrowdStrike Incident and Systemic Cyber Risk in the Context of EU Regulations
Threat Intelligence
CrowdStrike Incident and Systemic Cyber Risk in the Context of EU Regulations
August 8, 2024
by Tiernan Connolly
Cyber
Machine Learning in Cybersecurity: Models, Marketplaces and More
June 18, 2024
by Alex Cowperthwaite, Pratik Amin
Threat Intelligence
PLAY Ransomware Group Gains Access via Citrix Bleed Vulnerability
June 11, 2024
by George Glass, Keith Wojcieszek
Cyber
An Introduction To Purple Teaming
June 5, 2024
Kroll Recognized in 2023 Gartner Market Guide for Digital Forensics and Incident Response Retainer Services
Kroll in News
Kroll Recognized in 2023 Gartner Market Guide for Digital Forensics and Incident Response Retainer Services
May 19, 2023
News
Kroll Launches Cyber Partner Program Delivering Lifetime Returns
February 28, 2023
News
Chief Financial Officers Ignoring Cyber Risk Worth Millions of Dollars According to Kroll Report
September 13, 2022
News
Kroll Wins Cyber Event Response Team of the Year at Advisen Awards 2022
June 22, 2022
Join Kroll at CLOC 2025 in Las Vegas
Cyber
Join Kroll at CLOC 2025 in Las Vegas
May 5 - 8, 2025|Conference
Visit Booth 523 for one-on-one insights on advancing your legal operations through industry-leading transformational programs.
Cyber
Kroll at RSAC 2025 Conference
April 28 - May 1, 2025|Conference
Join Kroll experts at RSAC 2025 in San Francisco. Stop by booth 842 in the South Expo Hall to meet our team.
Kroll is headquartered in New York with offices around the world.
One World Trade Center
285 Fulton Street, 31st Floor
New York NY 10007
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2025 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.