Incident Response and Litigation Support

For more details, read the full case study.

In the event of digital attacks, such as malware, ransomware or an email account compromise, Kroll’s cyber investigation teams can collect and examine physical and digital evidence to uncover important information, such as where, when and how an incident occurred—and if systems are still at risk. We will determine what data was compromised and whether digital evidence was erased or modified. We will also work with your teams to recover data, whenever possible, and recreate events and exchanges so that you have an accurate diagnosis to develop an effective recovery plan.

 

“With the rising concerns of ransomware and intrusions that leverage data exfiltration, Kroll’s incident response teams have not only the experience to properly investigate the many aspects of risk to data, but also the technical understanding of how to properly contain the threat and eject active actors from compromised networks.” - Devon Ackerman, Managing Director, Head of Incident Response, North America

Scalable, Trial-Tested e-Discovery For Unparalleled Speed, Accuracy and Insight

Kroll’s litigation support services team is uniquely positioned to work in tandem with our incident responders to optimize the eDiscovery process and deliver case-changing insights. Our team stands ready to expedite data collection, either remotely or onsite, to minimize disruption to your operations and deliver insight for nuanced decision-making. 

Unique Threat Intelligence Experience and Unrivalled Expertise

Kroll experts have unique experience from former service with the FBI, DOJ, U.K. Intelligence, Europol, SEC, and U.S. Secret Service, among others. Our cadre of experts also hold more than 100 types of industry certifications, including CIPP/US, CRISC, CISA, CISM, CISSP, CPP, GCIH, GREM, GNFA, GPEN, MCP, MCSE, PCI, PMP, QSA, and CEH. 

Incident Response Retainers Deliver Peace of Mind and Maximum Value

Kroll also offers several incident response retainers that are designed to offer maximum flexibility and include an array of proactive services that ensure you get tangible value. With increasing privacy and consumer protection laws mandating timely response and notification, you gain peace of mind knowing Kroll’s global resources are readily available in a crisis and can leverage our expertise and end-to-end services to strengthen your overall cyber resiliency.

Cyber Insurance Preferred Partner

Kroll has a dedicated team for insurance and legal channels, with extensive relationships with 50+ cyber insurance brokers and carriers worldwide and exclusive benefits to insureds.

Kroll’s cybercrime investigation experts reflect our multidisciplinary team approach to problem-solving and leadership. In the event of litigation or regulatory action, we can work closely with general counsel, senior executives, audit committees or outside counsel at each stage to explicate forensics data and assure your objectives are met. If requested, we can assemble a case file for a referral to a regulator or law enforcement agency or serve as expert witnesses.

Kroll Cyber Incident Response and Litigation Support

Below are a select few of our services available to support incident response, cyber investigations or eDiscovery: 

• 24x7 Incident Response
  Whether your incident is the result of a malicious hacker or accidental exposure by an employee, Kroll can help. Our global network of certified security and digital forensic experts can deploy remote solutions quickly and/or be onsite within hours to help you contain the situation and determine next steps. 
• Digital Forensics
  Kroll’s computer forensics experts help ensure no digital evidence is overlooked and assist at any stage of a digital forensics investigation or litigation, regardless of the number or location of data sources. 
• Enhanced eDiscovery
  Kroll’s global and scalable eDiscovery services are trial tested for unrivaled speed, accuracy and insight. Our services range from strategic advice on processes and technologies, to managed services for workflows, document review, digital forensics and more. 
• Cyber Litigation Support
  If you need to respond to an investigatory matter, forensic discovery demand or information security incident, Kroll’s forensic engineers can help you win cases and mitigate losses. Many of our experts have considerable expert testimony experience in presenting findings to judges, juries and arbitrators, with many having served as special masters at the court’s appointment. 
• PCI Forensic Investigator
  Kroll’s PCI forensic investigators (PFIs) will help determine if, when and/or how cardholder data compromise may have occurred, using proven investigative methodologies and tools. Our PFI investigators can also conduct PCI Security Standard Council-mandated investigations. 
• Data Recovery and Forensic Analysis
  Our experienced experts use advanced forensic software and protocols to collect and preserve data collection from every aspect of your digital environment—servers to laptops to smartphones. We handle evidence with proven, forensically sound methodology, using data recovery tools and processes that are supported by case law. 
• Malware and Advanced Persistent Threat Detection
  Kroll’s specially trained information security consultants and network forensic analysts perform live system memory and forensic analysis on continually evolving malware. We are also experienced in determining the scope and intent of advanced persistent threats so you can launch a more targeted and effective response. 
• Incident Response Threat Simulations
  Kroll follows a seven-step process refined by our experience leading hundreds of cyber tabletop exercises (TTX) for client organizations of various sizes, complexity and industry sectors. Participating in a Kroll TTX helps your team clarify and rehearse their roles and develop greater confidence to perform effectively in the event of an incident.

Many more solutions are available, use the links on this page to explore them further or speak to a Kroll expert today via our 24x7 cyber incident hotlines or our contact page.