Digital Forensics and Incident Response (DFIR)

Do you want to prepare your organization to be able to thwart cyber attacks? Do you need external specialists to be able to counter an attack? Using our DFIR service you will benefit from our guaranteed availability and response time, as well as the permanent availability of specialists and expert panels. In order for us to minimize the reaction time at the very outset, we have an onboarding process for new customers. We can also run tabletop exercises with you so that your company’s detection and readiness to counter such threats can be improved. 




The onboarding process enables our DFIR specialists to respond to an incident promptly and ensures that they are provided with all the resources they need to begin analyzing it. The key requirements are settled in advance, and emergency contacts are established.

Among other points, the following are clarified:

  • Who are your emergency contacts?
  • How are incidents reported and logged?
  • How is the response team’s progress to be communicated and how are these details to be shared?
  • Where are your company’s premises and what is the site of operation? 
  • What access controls are in use?
  • Important documentation/concepts and network topologies are made available

Expert Panel 

Our customers are free to discuss an incident with a Compass specialist in order to triage it. Customer questions are discussed and reviewed. Additionally, initial emergency countermeasures can be discussed and then implemented by the customer.


A tabletop simulation allows us, together with the customer, to exercise a scenario from a list of Compass incidents. The selected scenario uses real elements, e.g. the correct and timely triggering of an alert or going through a customer’s log files. This makes it possible to check whether the emergency contacts know the procedure for the selected scenario and, in particular, whether they understand their own responsibilities in detail and can carry them out. The process can also reveal shortcomings in your readiness to respond to incidents, which can then be addressed as required. This is an important step in ensuring that the collaboration runs effectively and efficiently. Afterwards, the results are discussed with the customer and an action item list is drawn up. In this way we support our customers in the ongoing process of optimizing their forensic readiness plans.


You will receive support in clearing up computer emergencies or cybercrimes. To this end, we not only assist with your procedures and countermeasures, but also take active charge of the analysis and evaluation of collected evidence. The findings are given to the customer as a report or log file.

We are more than happy to present our services and possible solutions in person. Do not hesitate to get in touch.
