Incident Response

Rapid response is essential when confronted with an incident.

Kivu’s Incident Response enables organizations to immediately respond to an attack and eradicate it. Kivu’s unique incident response methodology integrates proprietary technology that rapidly collects data remotely, analyzes it at a centrally secure location, and allows Kivu analysts to quickly move from analysis to response and recovery. Once the immediate incident has been addressed, Kivu analysts can assess the organization’s security risks and make specific recommendations to strengthen its security operations and programs.

Kivu has nearly a decade of experience dealing with hundreds of incident response engagement every year. We have investigated and acted upon data breaches in hospitals, universities, financial institutions, and publicly traded companies globally. Our team members are certified experts in incident response and computer forensics.

Our company has global reach and we can provide local presence to serve our clients when the need arises.

Our Capabilities

Extortion & Ransomware Data Analytics Expert Witness Forensic Investigation Post Breach Assessment KECT

Cyber Extortion and Ransomware

Kivu has built an industry leading reputation combating cyber extortion and responding to cyber-crime, enabling our clients to make informed, cost-effective decisions. Our cyber extortion team includes analysts who are fluent in English, French, German, Spanish, Portuguese, Dutch, Polish, Russian, and Chinese (Mandarin). They are trained in complex negotiation procedures, and they are highly experienced in hacking techniques and protocols.

Kivu’s expertise spans denial of service, ransomware, theft of confidential information, and threat to damage network.

DENIAL OF SERVICE

Whether a stand-alone attack to force payment of ransom, or a means to disrupt and open a system for network penetration, denial of service attacks obstinately remain a threat to organizations – whether online retail, public entities, or political groups. Kivu has advised such organizations on pre-emptive safeguards, responded to their defense during attacks, and worked with partners to block malicious traffic before it even hits our clients’ networks.

RANSOMWARE

Ransomware, preventing users from accessing their files, applications or systems until the victim pays the ransom, is becoming an ever more common method of cyber extortion. Kivu’s ransomware analysts are trained negotiators who will communicate with the attackers using their native foreign language and pre-created online identities. Our analysts can provide an anonymous bitcoin payment within hours, confirm that the decryption keys provided by the attacker work correctly, and ensure that evidence regarding the attackers is preserved for law enforcement. Learn more…

THEFT OF CONFIDENTIAL INFORMATION

With significant assets held as proprietary information, organizations are constantly targeted by cyber criminals, who use sophisticated hacking techniques, social engineering, and malicious insiders. Kivu helps its clients prepare for and respond to these attacks, using lessons learned from a decade of investigating cyber-crimes.

THREAT TO DAMAGE NETWORKS

Organizations face real threats of cyber damage from hacktivists, disgruntled employees, and nation-states hackers. Kivu has responded to incidents ranging from denial of service to physical damage caused by deliberately malfunctioning industrial control systems.

Data Analytics

The rise in complex data breaches and heightened regulatory scrutiny in today’s business environment has increased the need for sophisticated and responsive solutions. Kivu’s team of professionals has a proven track record of delivering results.

Kivu’s Data Analytics team is comprised of highly skilled, certified digital forensic investigators, technology experts, and seasoned consultants, who work with an organization to recover, preserve, and analyze large volumes of digital data.

Our experts are adept at creating, hosting, migrating, and analyzing large stores of electronic information related to investigations. This data can include email (O365, Exchange, Google Business), accounting and financial record systems, sales and marketing data, human resource data, and other complex databases.

Kivu analysts work seamlessly with our clients to provide financial and other reports related to business activities in data breach matters, government investigations, and litigation disputes. Kivu personnel have testified in state and federal court on a breadth of data breach and insurance coverage cases.

Expert Witness Testimony

In many cyber crime cases, the court’s ruling may come down to an expert’s opinion, and an attorney will need the best cyber security expert witness available. Kivu has served as trusted advisors to attorneys throughout North America and Europe, for almost a decade.

Kivu personnel have testified in state and federal court in a breadth of data breach and insurance coverage cases, including: cyber security and privacy class actions, theft of trade secrets, and employment and regulatory disputes. Kivu’s analysts have provided expert opinions on reasonable standards of IT security, damage caused by malware attacks, the length of business interruptions, and preexisting conditions. We have testified regarding the significance of specific metadata, the effects of spoliation, the likelihood of unauthorized data transfer or access, and the relevance of email, text and Instant Messaging. Our opinions have covered Windows, Linux, Mac, and proprietary operating systems and platforms.

In the run-up to trial, Kivu’s experts have assisted clients by providing declarations, affidavits, and testimony at deposition. We frequently attend and advise counsel at the depositions of opposing experts.

ACTING AS NEUTRAL TECHNOLOGY EXPERTS

Kivu personnel have also served as court appointed neutrals and third-party experts in litigation and mediation. Areas of expertise have included analyzing possible spoliation, recovery of deleted data, the searching and analysis of confidential data in escrow, and advising judges and mediators on the significance of parties’ forensic findings.

Kivu’s forensic professionals’ diverse experience and backgrounds include: law firms, federal law enforcement, big four consulting firms, software development companies, IT production environments, and in-house IT departments. Resumes of Kivu’s experts, including the cases where they have testified, are available upon request.

Forensic Investigation

In the aftermath of a cyber incident, it is essential to immediately isolate the impacted systems and identify the hosts involved. Kivu has developed a proprietary forensic methodology that allows specific identification of the affected systems, rapid and thorough forensic analysis, and a protocol to assist clients in remediating their networks.

The Kivu Digital Forensic Lifecycle considers forensic analysis as a business process in which the forensic examination enables our clients to build a stronger infrastructure for detecting and avoiding new threats.

Kivu’s digital forensic analysis provides a detailed account of digital evidence, including a timeline for the event on the host, which results in actionable indicators that can be used by our intrusion detection analysts to identify other compromised hosts throughout the enterprise. Kivu’s experts use established computer forensics techniques, intrusion analysis, and malicious code analysis capabilities to thoroughly assess the system and methods used for the incident.

Kivu is unique in understanding the legal implications of an intrusion, and can advise our clients on the technical and practical challenges of digital forensics. Our team of professionals has testified as expert witnesses throughout North America and Europe. Our professionals are experienced in the forensic analysis and extraction of data from all Windows, MAC and Linux operating systems, all commercial mail clients and servers, and all commonly used mobile phone devices.

Our people, processes and advanced technology are discretely adapted to each client’s specific needs.

Post Breach Risk Assessment

Post breach cyber investigations couple traditional investigative skills with the use of sophisticated software and forensic analytic techniques to track suspects and recover evidence. Since cyber investigations could easily cross nation-state boundaries, knowledge of international legal systems and privacy standards becomes crucial to successful outcomes.

Kivu analysts are experienced in providing confidential, discrete post breach risk services to protect our clients throughout the globe. Kivu’s unique incident response methodology collects data remotely, allowing Kivu analysts to quickly move from analysis to response and recovery.

Key factors in Kivu’s post breach cyber investigation may include:

The nature and extent of the systems and data involved in the breach
Determining the true identify of anonymous attackers
Whether data was actually acquired or viewed, and if so, to what extent
Preserving and collecting evidence using local law enforcement standards
Legally monitoring and collecting evidence while in transit from websites, message boards, and social media sites
Advising the client of US and international privacy laws and notification requirements for violations of privacy
Determining the extent to which the risk of future incidents has been mitigated

Our post incident breach risk assessment is adapted to uniquely serve every organization’s needs.

PREVENTING FURTHER BREACHES

Many of Kivu’s cyber investigation clients decide to take advantage of our Risk Management And Prevention Services. Our team can evaluate the soundness of an organization’s technical environment, as well as the human behavior that can either prevent or lead to an incident.

KECT

Cyber incidents continue to increase, as malicious actors employ unprecedented sophistication and scale to penetrate organizational networks. These attacks typically utilize technologies that bypass standard perimeter defenses. Perpetrators can plant highly engineered malicious software to extract data and manipulate systems, undetected by traditional sensors.

Kivu has developed a proprietary technology tool, Kivu Enterprise Collection Tool (KECT), which can scan IT systems remotely to collect forensic data. KECT was engineered to efficiently and effectively identify the Indicators of Compromise (IOC), enabling Kivu analysts to quickly identify and resolve cyber incidents.

KECT is secure, self-contained and fast. It does not install any software on the client’s systems or restrict bandwidth. KECT works by scanning networks to collect the most valuable data points, and then immediately responds with statistical analysis at a secure centralized location. KECT is able to vigilantly monitor the changing Tactics, Techniques and Procedures (TTP) used by the most sophisticated attackers.

What KECT offers Kivu’s clients:

Lower incident response costs – Because all necessary data is collected remotely, no onsite Kivu personnel are required
Fast analysis – KECT can scan large corporate networks in less than 60 minutes
Low client impact – KECT requires no software installation at the client site, nor calibration, and it uses minimal bandwidth consumption
Highly effective solutions – KECT isolates previously unidentified Indicators of Compromise to reveal exploited vulnerabilities

Kivu is constantly innovating, bringing the best solutions in both technology and analytic processes to our clients throughout the globe.

Additional Information About Our Services

KIVU ENTERPRISE COLLECTION TOOL

KECT is an agentless tool which scans networks, detecting vulnerabilities and existing threats, collecting crucial forensic data for further analysis.

Download PDF >