Post Incident Analysis (Data Exfiltration)

KordaMentha’s forensic specialists worked closely with the organisation’s IT provider to extract and interpret evidence from multiple sources. Our analysis provided a clear timeline of the breach and identified the systems and data affected.

Using our document review platform, we supported the client in reviewing the exposed data set to identify personally identifiable and confidential information. This enabled the organisation to meet its reporting obligations with confidence.

• Collaborated with IT provider to recover forensic evidence
• Analysed logs, firewall data and endpoint backups
• Identified breach timeline and method of access
• Determined platforms used by threat actor
• Pinpointed accessed and exfiltrated data
• Supported content review of exposed data
• Enabled compliance with reporting requirements

• Clear breach timeline.
• Provided visibility into when and how the breach occurred.
• Identified threat actor’s methods.
• Revealed the platforms and techniques used to access systems.
• Defined scope of data exposure.
• Clarified which data was accessed and exfiltrated.
• Supported regulatory compliance.
• Enabled accurate reporting of affected personal and confidential data.
• Strengthened client understanding.
• Delivered insights beyond initial IT provider findings.
• Enhanced incident response.
• Improved the client’s ability to manage and mitigate future risks.