1. What data was lost and what can be restored?
Once a clean and secure infrastructure has been established, we will attempt to recover data forensically where possible from servers and drives, or restore data from the recent backups. Should backups be maintained remotely by a third party, we can facilitate the restore process with their team if desired.
2. How was the data lost?
If appropriate, once the data is restored we can assist in an investigation of the data loss. Initial interviews and software-enabled investigative techniques are used to determine whether data loss was caused by malicious code such as malware or a virus, a disgruntled employee, or another reason such as hardware failure or human error.
In the case of malicious software, the team must act quickly to neutralize the threat and prevent further data loss and propagation. The ArcherHall team will locate the source of the infection and clear the systems of viruses and malware.
3. Who did this and why?
After restoring operational integrity to the business, we can compile more detailed information such as timeline analysis and data loss mapping to help the client evaluate potential litigation, take disciplinary action, and improve security measures.