Forensic Analysis


From a forensics standpoint, our trained experts will use the most advanced technology and analysis methods.

Ensure the incident or malware is contained and unable to breach additional systems
Execute detailed analysis on production systems for malware or threat actor persistence
Perform detailed forensic analysis of suspected compromised hosts
Review all event logs and provide a detailed report on current auditing procedures
Assess all network traffic and perform detailed threat analysis for potential malware command and control communications
Review all Intrusion Detection Systems (IDS) or Intrusion Prevention System (IPS) alerts for malicious activity
Perform static and dynamic malware analysis on discovered payloads executed on victim machines
Provide a detailed list of recommended remediation procedures and long-term cybersecurity enhancements

Our malicious file analysis often leads to the identification of indicators of compromise (IOCs), such as IP addresses or domains communicating with the malware, Microsoft registry key modifications, identification of child or sub-processes that have been launched, code injections, and file names or other attributes of not just the malicious payloads, but the related affected files as well. With this information, we can help you track down other instances of the attack on other systems or put preventative measures in place to block them from happening going forward.

Learn more about our Incident Response Process

View our additional IT Risk Advisory services and capabilities


Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.