After an incident is contained, the natural next question is 'what actually happened here?' We answer that clearly, in a way you can act on and, if needed, report on.
A clear, chronological account of how the incident unfolded, from initial access to detection.
What systems and data were actually accessed or affected, distinguished from what was merely at risk.
The specific vulnerability or gap that allowed the incident, so it can be permanently closed.
A written report suitable for internal review, insurance, legal counsel, or regulatory notification requirements.
Without a clear root cause analysis, organizations often fix the visible symptom and remain vulnerable to the same attack path. This is about making sure that doesn't happen.
For most small-business incidents, our analysis covers what's needed for remediation and reporting; if formal legal-grade forensics are required, we help coordinate that with specialized forensic firms.
Initial findings are typically available within days; a full written report follows shortly after, depending on complexity.
Book a free intro call and we'll talk through your specific setup, no pressure either way.