24/7 Emergency Response

Active Cyber Incident?

Our incident response team is available 24/7/365. Call now — every minute matters.

1 (866) 400-DFIR

Follow the steps below while our team is en route.

Immediate Actions

Critical First Steps

Take these immediate actions while waiting for our response team. Every decision in the first minutes of an incident affects your recovery.

DO NOT:

  • Do NOT power down affected computers — this destroys valuable volatile memory evidence
  • Do NOT delete or rename any files — this can destroy evidence, compromise investigation, and make file restoration impossible
  • Do NOT attempt to "clean" or run anti-virus software — this can alter evidence and system state, potentially making file recovery impossible
  • Do NOT restore from backups without professional guidance — this can overwrite evidence and potentially destroy any chance of recovering affected files
  • Do NOT stop a running encryptor — interrupting the encryption process could leave files in an incomplete state, making restoration impossible

DO:

  • Disconnect affected systems from the network immediately (unplug network cables / disable Wi-Fi)
  • Document any unusual behavior, error messages, or system changes
  • Take photos of any error messages or unusual screens
  • Identify and isolate any other potentially affected systems
  • Keep affected systems powered ON unless specifically instructed otherwise
Preparation

Information to Gather

While waiting for our response team, please gather the following information if readily available.

Incident Timeline

  1. When the incident was first noticed (exact date and time if possible)
  2. What symptoms or unusual behavior were observed
  3. Any recent changes or updates to affected systems

System Details

  1. Number and types of systems affected (servers, workstations, mobile devices)
  2. Hardware specifications including makes, models, and serial numbers of affected devices
  3. Network configuration and connectivity status of affected systems

Organization Information

  1. Total number of users in the organization and number of affected users
  2. Number of physical locations and which ones are affected
  3. Inventory of potentially compromised accounts (usernames, email addresses, affected systems)
  4. List of accounts that may need immediate credential changes

Business Impact

  1. Critical business functions or services currently affected
  2. Types of data potentially at risk (customer data, financial records, intellectual property)
  3. Estimated business impact and operational disruption level
Contact

Alternative Contact Methods

Call Immediately

Our 24/7 emergency line — fastest way to reach our team.

1 (866) 400-DFIR

Secure Email

For non-urgent communication or to send documentation related to the incident.