Incident Handling is the core service provided by NTTDATA-ES-CERT, in order to provide an effective response to information security threats making use of well-defined and structured processes. We provide full support and communication with the affected personnel during the whole process to ensure an efficient and adequate response. As a summary of the stages, our incident response service usually follows:

• Reporting (reception of the incident by our operators).
• Registration of the incident in the system for tracking.
• Identification and classification.
• Prioritization.
• Initial investigation and containment.
• Incident tracking
• Escalation to Level 2/3 expert team members (if required).
• Forensic cases (managed by the Forensic Investigation service).
• Malware cases (managed by the Malware Analysis service).
• Resolution, reporting and closure.

This service is usually provided from our CERT installations, but if the scenario requires it so, our team is ready and available to provide response services on-site on remote offices or even on client installations, as well as supporting the collaboration with other IT and incident recovery teams.

Artifacts can be defined as “digital fingerprints”, generated by users after using a software or operating system. The Handling of Artifacts is a key activity in any forensic investigation, ensuring in all stages their integrity and confidentiality.

The incident response team has established its own testing laboratory, including isolated sandboxing environments simulating common corporate systems and devices, to test newly discovered malware or suspicious files/documents and determine their nature.

These analysis result in the generation of reports containing in-depth details on the behavior and actions carried out on the system (file creation, accesses, modifications, downloads, connections established, etc.).

• Generation of reports detailing analyzed malware.
• Definition of counter-measures and mitigation activities to protect against discovered malware.
• Collaboration and information exchange with other security organizations, clients and vendors.

Complementary to our Incident and Artifact Handling services, we provide a specialized forensic service on-demand to our organization and clients to manage investigations related to suspected criminal activities or misdoings. Forensic services include systems, RAM, network and data recovery. Includes (but not limited to):

• Forensic evidence collection.
• Compliance with applicable laws and regulations.
• Tight controls to guarantee the Chain of Custody.
• Can provide judicial validity for trials.

Fast response service to detect and identify malicious code, malware infections and new threats, complementary to our core Incident and Artifact Handling processes. This service focuses on providing:

• Proactive malware detection and deep inspection services.
• Preventive malware identification and analysis.
• Client support on mitigation and resolution measure application.