Digital Forensics & Incident Response

Digital Forensics &
Incident Response

Digital Forensics and Incident Response is covering topics such as collecting and securing digital evidence, performing analysis after breaches and recovering deleted data.

Get a quote

Report an Incident

If your organization needs assistance for a possible incident or security breach, please contact our incident response team at (PGP, RFC 2350).

Know our SOC / CERT


We offer both ad hoc assistance during incidents and a proactive service of constant 24/7 monitoring of IT resources in terms of cybersecurity (threat intelligence and threat hunting using RedEye) and immediate response to incidents (computer forensics and intrusion analysis). We invite you to familiarize yourself with the SOC-as-a-Service service offered by our Security Operations Center (SOC) team.

Computer Forensics

We offer expert services in computer forensics especially related to cybersecurity meaning DFIR (Digital Forensics and Incident Response). We have a status of IT Expert Witness in Poland, and have taken part in securing evidence on crime scenes. We use highly specialized equipment and commercial tools to perform our forensics analysis.

Incident response (CERT, CSIRT)

REDTEAM.PL CERT is a recognized incident response team and a member of the largest organization Trusted Introducer that brings CERT teams together. As a CERT (Computer Emergency Response Team) known also as a CSIRT (Computer Security Incident Response Team) we are able to help in situations when a security incident already has taken place. We will advise how to approach the problem, and get expected results and perform a reliable analysis of the event. Our team will deliver a complex service starting from properly securing the data to analysis and delivering the final report with the findings. In order to help the customers securing the data properly on their own we offer a know-how on how to do it for Windows and Linux systems.

Incident analysis

We analyze IT systems after they have been breached (hacked). We will help to secure the evidence, determine how the attack occurred, what operations have been performed by the attackers.

Secure data erasing

In case a customers wants to securely remove sensitive data out of a undamaged hard disk we are able to help. This service may be used in cases such as old storage being decommissioned and later set up for sell or before returning a rented equipment. After the process no one will be able to recover data from the disk even with the help of digital forensics tools.

Log, disk, RAM and network analysis

We perform all sort of analysis on hard disks, logs (e.g. Windows events), RAM memory dumps and network traffic.

Corporate espionage

We help customers in detecting acts of corporate espionage in cases of suspicion where competition or rogue employees are trying to obtain the company secrets.

“Practical computer forensics analysis”

Praktyczna analiza powłamaniowa

Adam Ziaja, one of our company founders is the author of a first Polish technical book describing Digital Forensics and Incident Response (DFIR) titled “Practical computer forensics analysis” (ISBN 9788301193478), which was released mid 2017 by Polish Scientific Publishers PWN. The book covers such topics as: securing digital evidence, hacker attack analysis, backdoor and rootkit detection.

Malware analysis

We perform malware analysis, both behavioral and static analyses approaches are used by our analysts. Also we are able to analyse disks for malware presence and identify it.

Explore Our Offer

We deliver advanced technical consulting services covering multiple aspects of cybersecurity from red team to blue team. Thanks to a diverse experience in IT security we are able to look at a wider perspective during engagements. Our abilities come from many years of work experience in cybersecurity and are confirmed with certificates, publications, advisories and references from our customers.