An investigation can bring to light a host of questions; just how many of those questions Doctor Web’s investigators can help answer depends on the number of services the customer has paid for.
Compromised elements of the system (the subject of the investigation)
Has the system integrity been compromised?
Did the incident involve malware? (If so, the incident is within the scope of a Doctor Web investigation.)
Where did the VCI take place (VCI incidents)?
The technical specifications of the system that experienced the VCI and its environment. The system's function (this information is necessary to determine the priorities of the investigation).
Are there any indications that the machine has been covertly accessed by a third party?
Information about the security software that was installed on the machine in question when the incident took place and whether the software was compromised. If yes, how was the security software compromised?
What caused the VCI?
Staff violations of operational rules or security policies that resulted in the VCI.
How did the VCI occur?
Viruses and other malware involved in the VCI, including a description of their features and payload (those used in the incident as well as potentially dangerous ones).
Steps taken by the customer's employees to discover the incident and to deal with its consequences. Effectiveness assessment.
What was the incident's impact?
The current state of the computer system.
What sort of information was stolen?
The consequences of the incident.
Is the compromised computer operational?
The people involved in the incident.
The individuals who participated in the incident (deliberately or accidentally) and the extent to which each of them was involved.
Available evidence of the incident
Is the incident the focus of an investigation by law enforcement agencies? Is it possible to appeal to law enforcement agencies and subsequently to a court of law? The chances of winning the case.
The list of collected evidence.
Measures to prevent future incidents like this one.
Recommendations on the deployment of an anti-virus solution that would prevent VCIs or help reduce their number in the future.