Home
Data Security
Forensics

Incident Response — Forensics

Quickly recover from a breach.

Jump to Section
Summary
Features
How it Works
FAQ
Resources
Why SM

SecurityMetrics Payment Card Industry (PCI) Forensic Investigators work with merchants in all industries. With over 20 years of experience, they lead the industry in their specialized knowledge.

SecurityMetrics' Forensic Investigators have performed over 500+ forensic investigations

Features

Quickly contain compromise

Often, organizations don't have the manpower needed to properly evaluate security incidents. This leads to gaps in security and a potential breach. That's why we work to minimize breach impact and maintain your reputation.

SecurityMetrics' Forensic Investigators have performed over 500+ forensic investigations. Using years of experience and expert tools, we provide a fast recovery solution. Forensic investigators work with you in confidence to identify all exposure points. If you experience a breach, SecurityMetrics forensic investigators offer post-incident support so you can make a full recovery.

Recover from a breach

If you have experienced a breach, you are likely worried about incurring fees/fines as well as protecting your reputation and customer card data.

SecurityMetrics can help you avoid a full PFI investigation by conducting a thorough Incident Response and communicating directly with SecurityMetrics acquirer contacts. This helps you save valuable time and money while getting back to business sooner.

Forensics solutions

If you've been notified by your card brand of a potential breach, it's important to act quickly. SecurityMetrics Forensic Packaging is a precise approach to efficiently discovering the cause of a breach and identifying what needs to be remediated. If you choose SecurityMetrics for your Forensic Packaging, you will receive a detailed report, security consultation and advice, and the training you need to prevent a future breach.

Shopping Cart Inspect

As an ecommerce business owner, you know how important it is to keep your website up and running. Use SecurityMetrics Inspect to diagnose and protect your ecommerce shopping cart from an ecommerce skimming attack.

PCI forensic investigation

If you've suffered a breach, you likely have card brand PCI obligations. SecurityMetrics Forensic Investigators are trained in PCI Forensic Investigation and will work with you, step-by-step, to remediate.

SecurityMetrics consulting

You have deadlines. We have solutions. SecurityMetrics offers timely, affordable, and comprehensive information security consultations to help your organization comply with industry mandates, secure business networks, and achieve data security goals.

Table-Top exercises

SecurityMetrics Forensic Investigators will help your organization perform table top exercises, so you can practice real-life scenarios and perfect your staff's response.

Compromise assistance forensics

SecurityMetrics helps you limit your window of compromise by containing your breach quickly and decreasing the amount of sensitive data that is captured and exfiltrated.

Post-breach training

SecurityMetrics analyzes and interprets the available forensics data to discover how, where, and when the breach occurred, as well as the vulnerabilities that allowed the breach to happen. Using this data, you will be trained on how to prevent a breach in your network again.

Two computer forensic analysts work in a server room

Save valuable time and money while getting back to business sooner

Forensics FAQs

How does a forensic investigation work?

Here are the typical actions a forensic investigator would take:

Preliminary research: Forensic investigations begin with some research on the company. The PFI needs to “scope” out the merchant’s environment, finding out where critical data resides, the systems that connect to it, and how the data flows in and out of the network.

Onsite data gathering: The forensics team then goes onsite and gathers data from identified devices.

Analysis: The investigation team brings the data back to their headquarters and analyzes it thoroughly to confirm whether a data breach actually occurred, determine what data the attacker was able to steal, and discover which vulnerabilities were exploited in the breach.

Reports: About a week after the initial data acquisition, the investigator will issue a short preliminary report that shows whether or not they’ve discovered any indicators of compromise or other overt evidence of a data compromise. After the forensic data has been fully analyzed, the investigator will submit a complete final report that includes how the attack happened, which vulnerabilities were exploited, and what data was at risk.

How much does a forensic investigation cost?

Forensic investigations can be costly.  However, remember that the investigation involves one or more PFI’s examining a mountain of data.

The cost will depend on the size of your organization; the larger your organization, the more data you likely have that will need to be examined.

What is an incident response plan?

An incident response plan is a documented, written plan with 6 distinct phases that helps IT professionals and staff recognize and deal with a cybersecurity incident like a data breach or cyber attack. Properly creating and managing an incident response plan involves regular updates and training.

A well-executed incident response plan can minimize breach impact, reduce fines, decrease negative press, and help you get back to normal operations more quickly.

Here's a helpful blog that goes over the six phases of incident response.

What should I include in my incident response plan?

While every organization needs varying policies, training, and documents, there are a few itemized response lists that most organizations should include in their incident response plan, such as:

  • Emergency contact/communications list
  • System backup and recovery processes list
  • Forensic analysis list
  • Jump bag list
  • Security policy review list

Check out this helpful handout here that goes into more detail about what should be included in your incident response plan.

What should I do if I'm breached?

The bare minimum of what to do when you get hacked:

  1. Change passwords immediately on all systems and routers.
  2. Disable remote access.
  3. Preserve firewall logs and current settings. Then restrict traffic to business critical servers and ports. Systems that process credit card data for authorization and settlement (either back office server or point of sale systems) should be restricted to only communicate outside with the payment gateway.
  4. If an ecommerce site is breached, preserve any altered pages.
  5. Update your antivirus tools and run malware scans on all devices in the card data environment. (Quarantine any findings—do not delete)
  6. Save log files.
  7. Save a copy of malware and malware log files on a quarantined external drive (if discovered).
  8. On Linux systems, copy as much of the bash_history files for all accounts as possible.
  9. Under the direction of a PFI, and only if you have the IT skill, make a forensic image of the system before wiping and installing a new system.
  10. Document all changes with the date and a description of the actions taken.
  11. If you re-image your systems or switch to new devices, only install software from known “clean” images.
  12. Engage a security consultant (preferably a PFI or QSA) to preserve the compromised environment for future data breach review.

You can also get more information by checking out this blog on the six phases of responding to a breach.

Resources

The following are related resources that we have prepared for you. Find more answers to your questions in our Learning Center.

download
Forensic Investigations
Data Sheet
newsmode
How to Effectively Manage a Data Breach
White Paper
newsmode
Resolving a Suspected Breach
white paper
download
Ecommerce Website Spoofing and Unauthorized Third-Party Resellers
White Paper
newsmode
Ecommerce Security Trends
Infographic

Why choose SecurityMetrics?

docs
Detailed investigation reports
Once your investigation is finalized you will receive a detailed report on your compromise to share with appropriate parties.
sell
Straightforward pricing
SecurityMetrics pricing is simple– your scope is evaluated based on your needs and you're given a custom quote, avoiding unnecessary add-on charges.
arrow_upward
Higher standard of service
SecurityMetrics makes it a priority to inform and educate to ensure you know how to quickly recover from a breach while answering any questions you have along the way.
build_circle
Advanced proprietary tools
As technology changes and the criminal toolkit expands, SecurityMetrics continually adjusts and creates new tools that analyze cyber landscapes to help you recover from a compromise.
zoom_in_map
Minimize damage
SecurityMetrics provides an initial consultation on immediate steps you should take to stop the loss of payment card data, protected health information, or other sensitive data to minimize the damage to your business and customers.
troubleshoot
In-depth analysis
As technology changes and the criminal toolkit expands, SecurityMetrics continually adjusts and creates new tools that analyze cyber landscapes to help you recover from a compromise.

Recognition for Outstanding Work

SecurityMetrics has worked hard over the years to provide outstanding products and services. Here are some of the awards the team has won.

The Golden Bridge Award 2020 Gold logo
Global Infosec Award Winner 2024 Logo
Cybersecurity Excellence Award Winner 2023 Logo

20+ years of experience

QSA | PFI | ASV | P2PE | SSF | SLC | 3DS | QPA | PCIP

PCI Qualified Security Assessor logo
HITRUST Authorized CSF Assessor logo
CISSP logo
HCISPP logo
CISA logo

See how we've helped our clients succeed

When you succeed, we succeed. That's why we pay such close attention to detail and provide award-winning support. Let's work together!

TESTIMONIALS

The relevance of ensuring proper ecommerce website security and protecting card holder data continues to be paramount for our organization, and we could not manage this process better without the reporting tools and excellent technical expertise provided by SecurityMetrics.

Jason Drake
Premiere Sports Travel

SecurityMetrics is an integral part of the team in our PCI program. We depend on the assessors to make sure that we stay on the compliance track. They do it with developing relationships across campus, discussing upcoming projects or application changes, and being available to us for consulting. They are knowledgeable, helpful and help us keep the campus engaged by their friendly demeanors.

Robbyn Lennon
University of Arizona

We have been customers of SecurityMetrics for about eight years. We are so impressed with the patient and professional way that their staff treats customers. They do not hurry, seem tired, act annoyed or too busy to work with their customers. Every person I spoke to was great!

Naomi Christman
The ProImmune Co, LLC

SecurityMetrics is the most retail friendly solution. At the small business level, frequently the person that has to interface with the tool is an owner or someone who has financial responsibility, but they may not necessary be technically savvy with using online tools. We believe SecurityMetrics meets that need better than anyone else we've seen.

Steve Methvin
Bozzutos

SecurityMetrics' Pen Testing has definitely helped us improve our network security in ways I could have never imagined. You just don't know what you don't know. I am absolutely confident in their team's abilities and my experience has led me trust them implicitly as a security partner. Their depth of understanding is impressive, and their professionalism is unmatched.

Morgan Leppink
Internet Ticketing Systems

We’ve been using SecurityMetrics for our onsite PCI audits for more than 10 years now. We have continued to come back and return to SecurityMetrics due to the value that has been supplied by them. SecurityMetrics has been around long enough now and they’ve been one of the top providers when it comes to PCI compliance, that I know they’re in it for the long haul.

Dawn Martinez
SVP, NewTek Merchant Solutions

Find out how to recover from a data breach

Request A Quote
Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart InspectShopping Cart Monitor (PCI 6.4.3 & 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2001–2025 SecurityMetrics, Inc.
All rights reserved.
Privacy Policy
|
Terms and ConditionsAbout us
|
Your IP Address is:
000.000.000.000