Fostering Collaboration for Standardized Threat Investigation & Response
Working together can bring much-needed trust to the industry and help safeguard people, organizations, and government — now and in the future.
Investigation covers the forensic analysis of cyber incidents, helping determine how attacks occurred, what was affected, and which evidence supports response.
Search across headline titles and summaries.
Background for this topic.
Investigation is the systematic examination of an event, claim, or suspected activity to establish what happened, when it happened, and who or what was involved. In information security, it commonly covers suspected intrusions, misuse of accounts, data exposure, fraud, and control failures. Investigators reconstruct an event from sources such as authentication records, endpoint artifacts, network telemetry, cloud logs, and disk or memory images, then determine the affected systems, data, and attack path.
Reliable investigations depend on preserving evidence without altering it, recording its provenance, and separating confirmed facts from assumptions. Findings can guide containment and recovery, reveal vulnerabilities that require remediation, and provide threat intelligence about tools or techniques used against an organization. Privacy and legal requirements may restrict what data can be collected or shared, while weak logging, short retention, or uncontrolled access can leave important questions unanswered and undermine any disciplinary, regulatory, or judicial action.
Working together can bring much-needed trust to the industry and help safeguard people, organizations, and government — now and in the future.
Also: Avast Agrees to $16.5 Million Civil Penalty to Settle Privacy InvestigationThis week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.
Bloc isn't happy with made-in-China network's efforts to protect kids and data Two days after its Digital Services Act (DSA) came into effect, the European Union used it to open an investigation into made-in-China social network TikTok.…
TikTok is suspected of breaching the EU’s Digital Services Act requirements on transparency, privacy and obligations to protect minors