Incident Response

Structured analysis and documentation of active and recent cyber incidents — from account breaches to server compromises and malware events.


When a cyber incident occurs — a breach, unauthorized account access, website compromise, or malware infection — the first hours are critical. Proper documentation and analysis at the outset preserves evidence and supports remediation efforts.

ASG Forensics provides incident response support focused on analysis, documentation, and structured reporting. We assess what occurred, identify indicators of compromise, document the event timeline, and prepare a formal incident report for internal use, regulatory requirements, or third-party submission.

We offer emergency intake for active incidents. Initial assessment responses are provided within 24 hours. For complex active incidents, response scope is confirmed after initial intake review.

Scope of Analysis

Account access logs and authentication records

Server access logs and web server logs

Email header analysis for BEC incidents

Malware behavior and propagation indicators

Website/CMS tampering and file modification review

Network traffic patterns (from provided logs)

Indicators of compromise (IOCs) documentation

Timeline reconstruction from available evidence

How It Works

01. Emergency Intake

Submit through our priority intake form for active incidents. Describe the nature of the incident, when it was discovered, and any initial indicators observed.

02. Triage Assessment

Initial assessment completed within 24 hours. Analysts review submitted information, classify the incident type and severity, and outline the response scope.

03. Evidence Collection & Preservation

Client-provided logs, screenshots, access records, and relevant data are reviewed and organized. Guidance is provided on what to preserve from your systems if the incident is ongoing.

04. Incident Analysis

Detailed review of available indicators, access patterns, and timeline. Identification of compromise vectors, affected systems, and scope of unauthorized activity.

05. Report & Recommendations

Structured incident report prepared with findings, IOC documentation, timeline, and remediation guidance. Delivered via client portal.

Frequently Asked Questions

How quickly do you respond to emergency incidents?
Emergency intake submissions are acknowledged within 24 hours. Initial triage assessment is completed within 24–48 hours of intake confirmation. Full incident analysis timelines depend on scope and evidence volume.
Can you help with active incidents?
We provide remote analysis support for active incidents based on information you provide. We do not perform live on-system work. Guidance on evidence preservation and immediate containment steps is included in the triage response.
What do I need to provide for incident response?
System logs, screenshots, access records, email exports, and any indicators you have already identified. The more detail provided, the more comprehensive the analysis. We will guide you on what to collect after intake review.
Do you provide remediation services?
Our incident response service focuses on analysis and documentation. Specific technical remediation (patching servers, rebuilding systems) is outside our scope. However, our reports include clear recommended steps which your IT team or a technical vendor can act upon.
Can the incident report be used for regulatory compliance?
Yes. Incident reports are structured to support regulatory notification requirements, internal compliance records, and insurance claims. Consult legal counsel for jurisdiction-specific regulatory obligations.

Who Needs This
Businesses experiencing unauthorized system access
Individuals whose accounts have been compromised
Organizations facing ransomware or malware incidents
Website and server breach victims
Businesses with business email compromise (BEC) incidents
Organizations with regulatory incident reporting requirements
Anyone requiring a structured incident analysis record

Deliverables
Incident analysis report
Indicators of compromise (IOC) documentation
Event timeline with evidence references
Access and breach scope assessment
Recommended containment and remediation steps
Regulatory/compliance incident summary
Verifiable document ID

Ready to Proceed?

Submit your case details securely and receive an initial assessment within 24–48 hours.


Need This Service?

Contact our team or submit a case intake to get started. Initial response within 24–48 business hours.
