1 (866) 400‑DFIR (3347) [email protected]

24/7 Emergency Response Line

1 (866) 400‑DFIR (3347)

Our incident response team is available 24/7/365. Follow the steps below while our team is en route.

Critical First Steps

IMPORTANT: Take these immediate actions while waiting for our response team

DO NOT:

  • Do NOT power down affected computers - this destroys valuable volatile memory evidence
  • Do NOT delete or rename any files - this can destroy evidence, compromise investigation, and make file restoration impossible
  • Do NOT attempt to "clean" or run anti-virus software - this can alter evidence and system state, potentially making file recovery impossible
  • Do NOT restore from backups without professional guidance - this can overwrite evidence and potentially destroy any chance of recovering affected files
  • Do NOT stop a running encryptor - interrupting the encryption process could leave files in an incomplete state, making restoration impossible

DO:

  • Disconnect affected systems from the network immediately (unplug network cables/disable Wi-Fi)
  • Document any unusual behavior, error messages, or system changes
  • Take photos of any error messages or unusual screens
  • Identify and isolate any other potentially affected systems
  • Keep affected systems powered ON unless specifically instructed otherwise

Information to Gather

While waiting for our response team, please gather the following information if readily available:

Incident Timeline

  • When the incident was first noticed (exact date and time if possible)
  • What symptoms or unusual behavior were observed
  • Any recent changes or updates to affected systems

System Details

  • Number and types of systems affected (servers, workstations, mobile devices)
  • Hardware specifications including makes, models, and serial numbers of affected devices
  • Network configuration and connectivity status of affected systems

Organization Information

  • Total number of users in the organization and number of affected users
  • Number of physical locations and which ones are affected
  • Inventory of potentially compromised accounts (usernames, email addresses, and affected systems)
  • List of accounts that may need immediate credential changes

Business Impact Assessment

  • Critical business functions or services currently affected
  • Types of data potentially at risk (customer data, financial records, intellectual property)
  • Estimated business impact and operational disruption level

Alternative Contact Methods

Secure Email

For non-urgent communication or to send documentation:

[email protected]

Secure Communications

For immediate text communication:

SMS 1 (866) 400‑DFIR (3347)