info@rooksecurity.com // rooksecurity.com // 888.712.9531
DATA SHEET
The ever-increasing frequency and sophistication of cyber attacks
motivate organizations to spend ever-increasing amounts of money and
resources to protect their own and their clients’ sensitive data.
Unfortunately, it is not a matter of if, it is a matter of when a breach
occurs. So while you should place a strong focus on prevention, it is
also important to know and understand how to quickly respond when
incidents and breaches do occur. Rook Security specializes in incident
response (IR) and digital forensics for organizations of all sizes and
industries.
The Rook Security Methodology
The Rook Security Incident Response and Forensics methodology
incorporates leading practices from our experienced professionals and
is used by our Smoke (SMK) Team to achieve consistent service
delivery. Our approach also acknowledges the need for flexibility and
the ability to select from a wide variety of investigative methods as
well as incident response strategies. The Rook methodology embraces
the widely accepted principles of:
- Identification
- Containment
- Eradication
- Recovery
- Follow-up
Notification
Rook maintains a 24/7/365 incident response hotline and response
capability. We make it a priority to respond to calls and
emails placed regarding incidents from anywhere in the world.
Deployment
Our SMK Team provides support when a security breach is discovered.
The Rook SMK Team members are available for deployment
to your location within 24 hours.
Investigation
As part of the IR process, our IR and computer forensic professionals
assist in investigating the incident to identify, preserve,
analyze, and review electronic evidence. We explore appropriate
countermeasure alternatives, obtain additional resources as
required, interact with federal and local law enforcement
authorities, if appropriate, and report preliminary findings to
executive management.
Forensics Analysis
Our overall methodology for delivering Computer Forensic services
is best described as a simple, four-step process: Identify,
Preserve, Analyze, Report.
- Identify which computer media potentially contains evidence
  based on the facts and circumstances known at the time.
- Preserve that potential evidence against accidental or intentional
  manipulation, usually by making a bit-stream mirror image of the
  media.
- Analyze the compromised assets, either directly on the image or
  on another copy of the media made from the image.
- Report our findings to your decision makers so that they may
  take action.
incident response & forensics
Recovery
Depending on the course of action decided and agreed upon
by the SMK Team, our professionals will advise and assist in the
response, which typically entails the following steps:
- Isolate and contain the incident.
- Secure affected systems by providing guidance on updating
  firewall rules, modifying security configurations, etc.
- Test and analyze to verify that containment efforts
  succeeded.
eDiscovery & Litigation Support
Rook has eDiscovery professionals and legal counsel partnerships
available to assist you with the resolution and mitigation of risks
associated with business conflict. From corporate compliance
and early case assessment to traditional fraud investigation and
economic analysis, we can assist with every phase of dispute
resolution, including:
- Fact finding and discovery
- Analysis and quantification of damages
- Working with counsel
- Trial preparation
- Settlement negotiation
- Expert witness testimony
Contact us to learn more about how we can provide
you 24x7x365 monitoring and incident response.