What We Cover
From the first call through final report, we handle every stage of the response.
Emergency Containment
Immediate isolation of affected systems to stop lateral spread and limit damage.
Ransomware Investigation
Entry point identification, attack timeline reconstruction, decryption options, and recovery roadmap.
Breach Forensics
Timeline of the breach, compromised accounts, stolen data identification, attack methods, and persistence mechanisms.
Insider Threat Investigation
User activity analysis, data exfiltration evidence, policy violations, and legally admissible documentation.
Evidence Preservation
Chain of custody documentation following ISO 27037 and NIST SP 800-86, suitable for legal proceedings.
Post-Incident Assessment
Security posture review after containment to identify remaining gaps and prioritize hardening.
Law Enforcement Coordination
Liaison with authorities when criminal proceedings are involved, with proper evidence handoff.
Insurance Documentation
Structured incident reports and evidence packages that satisfy cyber insurance claim requirements.
Post-Incident Hardening
Prioritized remediation plan to close the exploited entry point and reduce the risk of recurrence.
What You Get
Structured deliverables at every stage of the engagement.
Incident Triage Report
Initial scope assessment: affected systems, attack vector hypothesis, and immediate containment actions taken.
Forensic Report
Full attack timeline with evidence, compromised account inventory, data exfiltration assessment, and root cause identification.
Hardening Plan
Prioritized remediation actions to close the exploited entry point and reduce recurrence risk.
Engagement Model
Access incident response on your terms.
On-Demand
Best-effort access, no commitment
- ✓ Available to any client
- ✓ Engaged as capacity allows
- ✓ Full scope included
Ongoing Retainer
Yearly subscription, SLA-based
- ✓ Negotiated SLA response time
- ✓ Pre-signed legal agreements
- ✓ Pre-provisioned access
- ✓ Priority engagement guarantee
Frequently Asked Questions
What is the difference between On-Demand and the Ongoing Retainer?
What does a typical engagement cover?
Can you help with ransomware?
Do you support legal and insurance processes?
How quickly can you start after we call?
Why D3 Cyber?
Beyond the Report
We don't hand you a report and walk away. We work alongside your team through containment, eradication, and recovery.
Forensic-Grade Evidence
Every investigation follows ISO 27037 and NIST SP 800-86. Chain of custody documentation supports legal proceedings and insurance claims.
Ransomware Specialists
We have handled ransomware cases across multiple sectors. We know how to reconstruct the attack path, identify the entry point, and harden what was exploited.
Don't Wait Until the Alarm Sounds
Set up an Ongoing Retainer now and we are ready to move the moment you need us.