Digital Forensics and Incident Response (DFIR)

Do you want to prepare your organization to be able to thwart cyber attacks? Do you need external specialists to be able to counter an attack? Using our DFIR service you will benefit from our guaranteed availability and response time, as well as the permanent availability of specialists and expert panels. In order for us to minimize the reaction time at the very outset, we have an onboarding process for new customers. We can also run tabletop exercises with you so that your company’s detection and readiness to counter such threats can be improved. 




The onboarding process enables our DFIR specialists to respond to an incident promptly and that they are provided with all the necessary resources that would allow them to begin analyzing an incident. The key requirements are settled in advance, emergency contacts will be established.

Among other points, the following are clarified:

  • Who are your emergency contacts?
  • How are incidents reported and logged?
  • How is the response team’s progress to be communicated and how are these details to be shared?
  • Where are your company’s premises and what is the site of operation? 
  • What access controls are in use?
  • Important documentation/concepts and network topologies are made available

Expert Panel 

Our customers are free to have their incident discussed with a Compass specialist in order to triage an incident. Customer questions are discussed and reviewed. Additionally, initial emergency countermeasures can be discussed and then implemented by the customer.


Tabletop simulation allows us, together with the customer to exercise a scenario from a list of Compass incidents. The scenario selected uses real elements, e.g. the correct and timely triggering of an alert or going through a customer’s log files. This allows one to check whether the emergency contacts know the procedure for the scenario selected and particularly whether they understand or know their own responsibilities in detail and can also carry these out. Additionally, this process can help to reveal any shortcomings in your readiness to respond to incidents and these can be optimized as required. This is an important step in ensuring an effective and efficient running of this collaboration. Subsequently, the results are discussed with the customer and an action item list is drawn up. We are therefore able to support our customers in the ongoing process of optimizing their forensic readiness plans.


You will receive support in clearing up computer emergencies or cybercrimes. To this end, we are not just there to provide assistance for your procedures and countermeasures, but also take active charge for the analysis and evaluation of collected evidence. These findings are also given to the customer as a report or log file.

We are more than happy to present our services and possible solutions in person. Do not hesitate to get in touch.

Your contact person


Securing Industrial IoT

On August 29, 2019, experts from research and practice will meet in Bremen to discuss how industry companies and CIP operators can actively protect... Read more

Beer-Talk #20 in Berlin: Keep Calm and Dump Your Memory

Cybercriminals are constantly finding sophisticated ways to infect computers or mobile devices with malware. What you should NOT do (and why) if your... Read more

Cyber Risks – from abstract risk to everyday reality

The Europa Institut at the University of Zurich (EIZ) is one of the leading centres of expertise for European Law and is an important provider of... Read more



Vulnerability in "The Scheduler" Plugin for Jira

Thierry Viaccoz has identified an XML External Entity (XXE) vulnerability in "The Scheduler" plugin for Jira. Read more

Vulnerability in the Email+ iOS Application from MobileIron

Sylvain Heiniger has identified a "Cleartext Storage of Sensitive Information" vulnerability in the MobileIron application Email+. Read more

Vulnerabilities in Universal Automation Center (UAC)

Michael Fisler and Felix Aeppli have identified vulnerabilities in the Universal Automation Center (UAC). Read more


Compass Security Blog

Privilege escalation in Windows Domains (2/3)

This second article about privilege escalation in Windows domains describes how to propagate by aiming for passwords that are lying around. mehr

Privilege escalation in Windows Domains (1/3)

This first article of our series about privilege escalation in Windows domains demonstrates how to get a foothold by relaying credentials from users. mehr