Forensics & Incident Response

From ransomware to cloud email breaches, Field Effect’s services can help you identify, isolate and resolve cyber security incidents in a timely manner.

OverviewExpert Assistance

Our analysts have decades of experience in cyber security, and have defended some of the largest and most secure networks in the world. We use that depth of experience and context to identify and explain the source of an incident and importantly, provide mitigation advice and guidance to improve things so that it doesn’t happen again.

If you require immediate help with an incident, please email

Malware and Ransomware

We have experience identifying and restoring systems affected with malware, including ransomware on Windows, OS X and Linux.

Our analysis and remediation services focus on how the system was infected, ensuring no other systems are affected, and specific guidance on how to prevent similar incidents in the future.

Network Analysis and Forensics

Our network analysis capabilities provide independent visibility into other potentially malicious behaviour on your network related to an incident.

We have helped customers quickly identify other infected hosts, system misconfigurations including open firewalls, as well as other ongoing attacks on their infrastructure.

Spear Phishing Investigations

Spear phishing remains one of the most common threat vectors affecting business networks today.

We know the process, procedures and nuanced behaviours attackers use on a daily basis to achieve their objectives, and know how to help you identify what happened, whether other users on your network might be affected, and if there are other network or endpoint security concerns to be aware of.

Cloud Service Breaches

Cloud services such as Microsoft’s Office365 and Amazon AWS represent an increasing part of the average corporate network.  Attacks on these systems, including credential theft, are no less common.

We’re skilled at working with these types of systems to provide incident response capabilities, ensuring the system is securely configured, and your business is operating as quickly as possible.

Context is everythingExperienced

Insight into the significance of a minor anomaly or disk image detail is essential to identifying malicious activity and reconstructing a cyber security event. This type of insight is only developed through years of experience studying, understanding, and resolving cyber security incidents in many different environments – small business, to large enterprise and government.

Our experience provides a perspective into incidents that others might miss.  Familiarity and continued exposure with the many classes of cyber threat means that you benefit from our ability to identify similar incidents and provide recommendations we know are effective.

Our advantageCustom Tools and Techniques

We’re analysts at Field Effect and use best in class tools, but we’re also developers. This means we’re able to build capabilities that aren’t otherwise available, and to automate our tradecraft – meaning faster, cost effective analysis for our customers.

Our tools provide the ability to analyze logs, disks and other data, as well as reproduce and simulate threats to research and confirm hypotheses. In some cases, we provide custom tools to our clients for incident response and cleanup, or simply to identify and gather data necessary for a case to proceed. Working with Field Effect means you get the best in breed in both analytics as well as technology.