Discreet, collaborative and thorough post-breach investigations

When a cyber attack results in a breach of cardholder data, the importance of your incident response can not be overstated. The speed and effectiveness of your actions will dictate how successfully you limit the damage, how much data is exposed and how quickly you can regain control of the situation.

If you are hit by a breach, you may be subject to a mandatory digital Forensic Investigation that has to be conducted by a qualified Payment Card Industry (PCI) Forensic Investigator (PFI).

Dionach, as a PFI, will assist with a rigorous and transparent review of the technical, physical or human vulnerabilities that led to the breach.

What we do

Dionach’s qualified PCI Forensic Investigators will work quickly, discreetly and collaboratively to help you restore a secure environment and support your investigation of what caused the data breach.

Using the latest digital forensic techniques we analyze your systems and processes to collect evidence as required.

Our Process

Each engagement is carried out by following a series of process steps:

1. Assignment

  • Clearly define objectives of engagement
  • Obtain permission to access assets
  • Assemble appropriate PFI team for engagement

2. Preparation

  • Agree client communication process
  • Determine client knowledge of incident, and any actions already taken
  • Identify evidence sources pertinent to the engagement

3. Identification

  • Obtain evidence from assets within scope of engagement
  • Analyse obtained data
  • Ensure detailed record keeping

4. Containment

  • Determine immediate actions to limit spread and prevent escalation
  • Identify critical findings to client immediately

5. Eradication

  • Identify remediation steps to resolve incident and prevent recurrence
  • Recommend, implement, or improve detection and prevention processes
  • Validate resolution of incident

6. Reporting

  • Issue a preliminary incident response report to all relevant parties within 5 days
  • Issue final PFI report to all relevant parties
  • Provide post-incident meeting and follow-up support, if required

7. Retention or disposal of assets

  • Return, retain or dispose of client assets as agreed during initial scoping, or required for legislative compliance
  • Retain all evidence for 1 year unless otherwise required by applicable law


Find out how we can help with your cyber challenge