Pack 01 · Incident response · DFIR
Forensics & Incident Response (DFIR).
Contain. Investigate. Document.
When you face a cyber incident, the priority is to stop the damage and regain control — without destroying evidence. We help you structure decisions, secure traces, and produce clear findings usable for management, insurers, legal counsel, or internal governance.
Typical situations
- • Ransomware, extortion, data leak
- • Suspicious admin activity / privilege abuse
- • Email compromise and fraudulent transfers
- • Insider conflict, HR and sensitive matters
- • Cloud/SaaS compromise (M365, Google…)
- • Need evidence and timeline for legal/insurance
DRC@erebos:/# dfir --contain --collect --timeline --report
Start now
If the incident is active, use the emergency path first. If the incident is over but you need evidence and conclusions, request an investigation scope.
We prioritise evidence integrity: chain of custody, careful acquisition and documentation.
Deliverables.
Clear, usable outputs — both technical and executive-ready.
Incident timeline
What happened, when, and how the attacker moved.
Evidence package
Collections, notes and artefacts to support internal decisions or legal counsel.
Remediation guidance
Containment, eradication and resilience improvements to prevent recurrence.
Need to speak with an expert (even outside emergencies)?
We operate remotely across France, and on-site mainly in the AURA region and French-speaking Switzerland, for businesses, healthcare organizations, local authorities and regulated professions.