A typical incident response from ArcherHall includes a combination of the following:

• Identification – the response team is initiated to determine the nature of the incident and what techniques and resources are required for the case.
• Containment – the team determines how far the problem has spread and contains the problem by disconnecting affected systems and devices to prevent further damage.
• Eradication – the team investigates to discover the origin of the incident. The root cause of the problem is determined and any traces of malicious code are removed.
• Recovery – data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for signs of weakness or recurrence.
• Recommendations – the team analyzes the incident and how it was handled, making recommendations for better future response and preventing a recurrence.