 

Recon - Forensic Triage

Forensic investigations can be time-consuming, expensive and opaque. Coveware’s Forensic Triage solution pairs Recon, our rapid forensic collection tool, with a fully automated backend that collects, parses, and visualizes security incident data. Coveware’s SaaS platform clearly visualizes the attack path, so that the critical questions about the incident can be answered in a matter of hours, not days or weeks.

The forensic triage analysis is further enhanced by mapping common indicators of compromise to the MITRE ATT&CK framework so that clients can receive detection and mitigation advice without paying extra for security assessments. Our solutions streamline cyber incident response, which allows us to offer true forensic visibility to victimized companies of any size.

 


Benefits of Forensic Triage / Recon

 

Recon
Forensic Triage


  • <24hrs

  • Deployment & Collection automated

  • Analysis & Visualization automated

  • Critical questions answered quickly


  • $5K - $10K

  • No inflated hourly estimates

  • All work priced on flat fees

  • Heavy automation for economic scale


  • Immediate answers to client questions

  • Visualization for non-technical clients

  • Delivery that matches customer urgency


Traditional Forensic
Investigation


  • 1-4 weeks

  • Deployment and Collection Manual

  • Analysis performed manually

  • Recovery delays, slow findings


  • $20K - $100K +

  • Inflated hourly consultant SOWs

  • Moving target SOWs

  • No innovation or automation


  • Lack of answers

  • No visualization / poor experience

  • Delivery prioritizes billable hours

Incident Triage Reporting and Analysis includes:

  • Forensic Collection Deployment Support

  • Forensic Triage Data Analysis and Visualization

  • Forensic Triage Reporting

  • MITRE ATT&CK Detection and Mitigation Advice

  • .CSV event timeline output


Deploy

Recon can be manually deployed through the command line, mass deployed, or co-deployed with any containment EDR product. The agent should be run on as many machines as possible, typically starting with compromised servers. Recon is non-persistent and, on average, takes about 10 minutes to complete.


Scan & Verify Recovery

Aggregate scan output is encrypted locally before being pushed with a single command to Coveware’s secure storage. The results are decrypted, parsed, and tagged by time, host, security event and MITRE ATT&CK ID. The visualized results are surfaced on Coveware’s SaaS platform for review.


Analyze

Results are visualized on Coveware’s SaaS platform where they can be analyzed and further parsed. The attack timeline is clearly presented to answer critical questions in a digestible manner. MITRE mapping offers detection and mitigation guidance for all malicious tactics observed. Coveware can provide a remediation report within hours, not days.
