Incident Response and Litigation Support

Kroll’s elite security leaders deliver rapid responses for over 3,200 incidents per year and have the resources and expertise to support the entire incident lifecycle, including litigation demands. Gain peace of mind in a crisis.

Contact us
/en/services/cyber-risk/incident-response-litigation-support /-/media/feature/services/cyber-risk/incident-response-litigation-support-desktop-banner.jpg service

No matter the type of data loss or cybercrime, Kroll has the experience and resources (human and technology) to move quickly, to discern, isolate and secure valuable relevant data and investigate the digital trail, wherever it may lead. For example, in the case of malicious insiders, we can combine computer forensic expertise with traditional investigative methodology, including interviews and surveillance, to retrace the behavior of people who may have had access to protected or proprietary information.

In the event of digital attacks, such as malware, ransomware or an email account compromise, Kroll’s cyber investigation teams can collect and examine physical and digital evidence to uncover important information, such as where, when and how an incident occurred—and if systems are still at risk. We will determine what data was compromised and whether digital evidence was erased or modified. We will also work with your teams to recover data, whenever possible, and recreate events and exchanges so that you have an accurate diagnosis to develop an effective recovery plan.


With the rising concerns of ransomware and intrusions that leverage data exfiltration, Kroll’s incident response teams have not only the experience to properly investigate the many aspects of risk to data, but also the technical understanding of how to properly contain the threat and eject active actors from compromised networks.

– Devon Ackerman, Managing Director, Head of Incident Response, North America

Watch Michael Quinn, a managing director in our practice, recount an insider threat investigation his team conducted.

Case Study – Insider Threat Investigation

A global software company based in Europe received an email from an anonymous source stating the sender had access to personally identifiable information, confidential financial data and IP source code for one of its subsidiaries. The sender gave Kroll’s client two weeks to pay a ransom of one million euros in bitcoin before it was leaked. Kroll's forensic investigators ascertained that an insider threat was the source of the infiltration, identified the individual responsible and provided the necessary evidence to assist with a prosecution.

For more details, read the full case study.

Watch Michael Quinn, a managing director in our practice, recount an insider threat investigation his team conducted.

Trial-Tested Litigation Support Services

Kroll’s litigation support services team works in tandem with our incident responders to optimize the investigation process, expedite data collection either remotely or onsite, and deliver case-changing insights.

Unique Threat Intelligence Expertise

Kroll experts have unique experience from international intelligence agencies including the FBI, DOJ, GCHQ and Europol. Our cadre of experts also hold more than 100 types of industry certifications.

Flexible Incident Response Retainers

Kroll incident response retainers are designed to provide peace of mind and offer maximum flexibility. Get access to elite digital forensics and incident response capabilities, alongside an array of proactive services that ensure you get tangible value.

Cyber Insurance Preferred Partner

Kroll has a dedicated team for insurance and legal channels, with extensive relationships with 50+ cyber insurance brokers and carriers worldwide and exclusive benefits to insureds.


Enabling Diligent, Seamless Response Worldwide

Enabling Diligent, Seamless Response Worldwide 

Kroll’s cybercrime investigation experts reflect our multidisciplinary team approach to problem-solving and leadership. In the event of litigation or regulatory action, we can work closely with general counsel, senior executives, audit committees or outside counsel at each stage to explicate forensics data and assure your objectives are met. If requested, we can assemble a case file for a referral to a regulator or law enforcement agency or serve as expert witnesses.

Kroll Cyber Incident Response and Litigation Support

Below are a select few of our services available to support incident response and cyber investigations: 

  • 24x7 Incident Response
    Whether your incident is the result of a malicious hacker or accidental exposure by an employee, Kroll can help. Our global network of certified security and digital forensic experts can deploy remote solutions quickly and/or be onsite within hours to help you contain the situation and determine next steps. 
  • Digital Forensics
    Kroll’s computer forensics experts help ensure no digital evidence is overlooked and assist at any stage of a digital forensics investigation or litigation, regardless of the number or location of data sources. 
  • Cyber Litigation Support
    If you need to respond to an investigatory matter, forensic discovery demand or information security incident, Kroll’s forensic engineers can help you win cases and mitigate losses. Many of our experts have considerable expert testimony experience in presenting findings to judges, juries and arbitrators, with many having served as special masters at the court’s appointment. 
  • PCI Forensic Investigator
    Kroll’s PCI forensic investigators (PFIs) will help determine if, when and/or how cardholder data compromise may have occurred, using proven investigative methodologies and tools. Our PFI investigators can also conduct PCI Security Standard Council-mandated investigations. 
  • Data Recovery and Forensic Analysis
    Our experienced experts use advanced forensic software and protocols to collect and preserve data collection from every aspect of your digital environment—servers to laptops to smartphones. We handle evidence with proven, forensically sound methodology, using data recovery tools and processes that are supported by case law. 
  • Malware and Advanced Persistent Threat Detection
    Kroll’s specially trained information security consultants and network forensic analysts perform live system memory and forensic analysis on continually evolving malware. We are also experienced in determining the scope and intent of advanced persistent threats so you can launch a more targeted and effective response. 
  • Incident Response Threat Simulations
    Kroll follows a seven-step process refined by our experience leading hundreds of cyber tabletop exercises (TTX) for client organizations of various sizes, complexity and industry sectors. Participating in a Kroll TTX helps your team clarify and rehearse their roles and develop greater confidence to perform effectively in the event of an incident.
  • Incident Recovery and Remediation
    Expedite system recovery and minimize business disruption, with services including device and server reimaging, active directory rebuilding, network segmentation, hardware upgrades or replacements, patch management and network hardening. 

Many more solutions are available, use the links on this page to explore them further or speak to a Kroll expert today via our 24x7 cyber incident hotlines or our contact page.

Key Areas

Increased Cyber Resilience with a Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Related Team

Connect with us

Devon Ackerman
Devon Ackerman
Regional Managing Director, North America
Cyber Risk
New York
Joel Bowers is a managing director
Joel Bowers
Managing Director
Cyber Risk

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

Middle Market M&A, Strategic Advisory, Debt Advisory and Private Capital Markets, Restructuring and Insolvency Services, Financial Due Diligence, Fairness Opinions, Solvency Opinions and ESOP/ERISA Advisory.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation, disputes and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.


Techniques for Effectively Securing AWS Lake Formation

Jan 25, 2023

by Alex Cowperthwaite Pratik Amin


Live from Davos – Cyber in 2023: Geopolitical and Economic Risks

Jan 16, 2023

by Jason N. SmolanoffMegan  Greene


Demystifying Breach Notification

Nov 04, 2022

by David Sigmundson, Andrew Berimbau

Incident Response

State of Incident Response: APAC

Oct 31, 2022


Kroll Launches Cyber Partner Program Delivering Lifetime Returns

Feb 28, 2023


Chief Financial Officers Ignoring Cyber Risk Worth Millions of Dollars According to Kroll Report

Sep 13, 2022


Kroll Wins Cyber Event Response Team of the Year at Advisen Awards 2022

Jun 22, 2022


Kroll Expands Cyber Incident Recovery Services

May 26, 2022


Kroll at RSA Conference 2023

Conference Conference Apr 24 - Apr 27, 2023 | Conference


KAPE Intensive Training and Certification

Online Event Online Event Apr 13 - Dec 07, 2023 | Online Event