Digital Forensics and Incident Response (DFIR)

Do you want to prepare your organization to be able to thwart cyber attacks? Do you need external specialists to be able to counter an attack? Using our DFIR service you will benefit from our guaranteed availability and response time, as well as the permanent availability of specialists and expert panels. In order for us to minimize the reaction time at the very outset, we have an onboarding process for new customers. We can also run tabletop exercises with you so that your company’s detection and readiness to counter such threats can be improved. 


The onboarding process enables our DFIR specialists to respond to an incident promptly and that they are provided with all the necessary resources that would allow them to begin analyzing an incident. The key requirements are settled in advance, emergency contacts will be established.

Among other points, the following are clarified:

  • Who are your emergency contacts?
  • How are incidents reported and logged?
  • How is the response team’s progress to be communicated and how are these details to be shared?
  • Where are your company’s premises and what is the site of operation? 
  • What access controls are in use?
  • Important documentation/concepts and network topologies are made available

Expert Panel 

Our customers are free to have their incident discussed with a Compass specialist in order to triage an incident. Customer questions are discussed and reviewed. Additionally, initial emergency countermeasures can be discussed and then implemented by the customer.


Tabletop simulation allows us, together with the customer to exercise a scenario from a list of Compass incidents. The scenario selected uses real elements, e.g. the correct and timely triggering of an alert or going through a customer’s log files. This allows one to check whether the emergency contacts know the procedure for the scenario selected and particularly whether they understand or know their own responsibilities in detail and can also carry these out. Additionally, this process can help to reveal any shortcomings in your readiness to respond to incidents and these can be optimized as required. This is an important step in ensuring an effective and efficient running of this collaboration. Subsequently, the results are discussed with the customer and an action item list is drawn up. We are therefore able to support our customers in the ongoing process of optimizing their forensic readiness plans.


You will receive support in clearing up computer emergencies or cybercrimes. To this end, we are not just there to provide assistance for your procedures and countermeasures, but also take active charge for the analysis and evaluation of collected evidence. These findings are also given to the customer as a report or log file.

We are more than happy to present our services and possible solutions in person. Do not hesitate to get in touch.

Your contact person


CodeMash 2019, Sandusky/Ohio

CodeMash - a unique event for developers Read more



Fast and competent support in case of cyber incidients

The editorial staff of the Unternehmerzeitung has taken up the topic of cyber security again and in an interview sheds light on how the cooperation... Read more

Vulnerability in HADatAc Framework

Lukasz D. has identified a remote code execution vulnerability in the Human-Aware Data Acquisition (HADatAc) framework. Read more

HSR opportunities and risks of the digitalization - what it means to the job market in the ICT industry

In the advanced training course BSLB / RAV / IV of the HSR Hochschule für Technik the topic "Opportunities and risks of digitalization and the labour... Read more


Compass Security Blog

Substitutable Message Service

Have you ever said something and later regretted it? Or written an email to someone and then wished it had not happened? Or sent an SMS message but afterward desired to change its content? Well,... mehr

Hidden Inbox Rules in Microsoft Exchange

Contents Introduction Attack Overview Step-by-Step Detection Email Clients Administration Tools Exchange Compliance Features MAPI Editor Eradication Microsoft Security Response Center Swiss Cyber... mehr