Incident Response

When it matters most

A breach in progress is not the time to figure out who to call. Our incident response team steps in immediately to contain the threat, investigate what happened, and get you back on track.

What We Cover

From the first call through final report, we handle every stage of the response.

Emergency Containment

Immediate isolation of affected systems to stop lateral spread and limit damage.

Ransomware Investigation

Entry point identification, attack timeline reconstruction, decryption options, and recovery roadmap.

Breach Forensics

Timeline of the breach, compromised accounts, stolen data identification, attack methods, and persistence mechanisms.

Insider Threat Investigation

User activity analysis, data exfiltration evidence, policy violations, and legally admissible documentation.

Evidence Preservation

Chain of custody documentation following ISO 27037 and NIST SP 800-86, suitable for legal proceedings.

Post-Incident Assessment

Security posture review after containment to identify remaining gaps and prioritize hardening.

Law Enforcement Coordination

Liaison with authorities when criminal proceedings are involved, with proper evidence handoff.

Insurance Documentation

Structured incident reports and evidence packages that satisfy cyber insurance claim requirements.

Post-Incident Hardening

Prioritized remediation plan to close the exploited entry point and reduce the risk of recurrence.

What You Get

Structured deliverables at every stage of the engagement.

Incident Triage Report

Initial scope assessment: affected systems, attack vector hypothesis, and immediate containment actions taken.

Forensic Report

Full attack timeline with evidence, compromised account inventory, data exfiltration assessment, and root cause identification.

Hardening Plan

Prioritized remediation actions to close the exploited entry point and reduce recurrence risk.

Engagement Model

Access incident response on your terms.

On-Demand

Best-effort access, no commitment

  • Available to any client
  • Engaged as capacity allows
  • Full scope included

Ongoing Retainer

Yearly subscription, SLA-based

  • Negotiated SLA response time
  • Pre-signed legal agreements
  • Pre-provisioned access
  • Priority engagement guarantee

Frequently Asked Questions

What is the difference between On-Demand and the Ongoing Retainer?

On-demand incident response is available to any client on a best-effort basis - we engage as resources allow. The Ongoing Retainer is a yearly subscription with a negotiated SLA, pre-signed legal agreements, and pre-provisioned technical access to your environment. This eliminates the setup delay that costs critical hours at the start of a real incident.

What does a typical engagement cover?

A standard engagement covers initial triage and containment, forensic investigation (attack timeline, entry point, compromised accounts, data exfiltration), eradication and recovery guidance, and a post-incident report with an executive summary and technical findings.

Can you help with ransomware?

Yes. We handle ransomware investigations end-to-end: identifying the entry point and attack timeline, assessing what data was accessed or exfiltrated, guiding recovery, and producing documentation for insurers and regulators.

Do you support legal and insurance processes?

Yes. Our investigations follow internationally recognized standards (ISO 27037, NIST SP 800-86) and produce chain-of-custody documentation suitable for legal proceedings, regulatory notifications, and cyber insurance claims.

How quickly can you start after we call?

For Ongoing Retainer clients, the SLA is agreed in advance based on your budget and risk profile. For on-demand clients, we engage as quickly as capacity allows - typically within the same business day for confirmed active incidents.

Why D3 Cyber?

Beyond the Report

We don't hand you a report and walk away. We work alongside your team through containment, eradication, and recovery.

Forensic-Grade Evidence

Every investigation follows ISO 27037 and NIST SP 800-86. Chain of custody documentation supports legal proceedings and insurance claims.

Ransomware Specialists

We have handled ransomware cases across multiple sectors. We know how to reconstruct the attack path, identify the entry point, and harden what was exploited.

Don't Wait Until the Alarm Sounds

Set up an Ongoing Retainer now and we are ready to move the moment you need us.