Digital Forensics and Incident Response (DFIR)

Do you want to prepare your organization to be able to thwart cyber attacks? Do you need external specialists to be able to counter an attack? Using our DFIR service you will benefit from our guaranteed availability and response time, as well as the permanent availability of specialists and expert panels. In order for us to minimize the reaction time at the very outset, we have an onboarding process for new customers. We can also run tabletop exercises with you so that your company’s detection and readiness to counter such threats can be improved. 




The onboarding process enables our DFIR specialists to respond to an incident promptly and that they are provided with all the necessary resources that would allow them to begin analyzing an incident. The key requirements are settled in advance, emergency contacts will be established.

Among other points, the following are clarified:

  • Who are your emergency contacts?
  • How are incidents reported and logged?
  • How is the response team’s progress to be communicated and how are these details to be shared?
  • Where are your company’s premises and what is the site of operation? 
  • What access controls are in use?
  • Important documentation/concepts and network topologies are made available

Expert Panel 

Our customers are free to have their incident discussed with a Compass specialist in order to triage an incident. Customer questions are discussed and reviewed. Additionally, initial emergency countermeasures can be discussed and then implemented by the customer.


Tabletop simulation allows us, together with the customer to exercise a scenario from a list of Compass incidents. The scenario selected uses real elements, e.g. the correct and timely triggering of an alert or going through a customer’s log files. This allows one to check whether the emergency contacts know the procedure for the scenario selected and particularly whether they understand or know their own responsibilities in detail and can also carry these out. Additionally, this process can help to reveal any shortcomings in your readiness to respond to incidents and these can be optimized as required. This is an important step in ensuring an effective and efficient running of this collaboration. Subsequently, the results are discussed with the customer and an action item list is drawn up. We are therefore able to support our customers in the ongoing process of optimizing their forensic readiness plans.


You will receive support in clearing up computer emergencies or cybercrimes. To this end, we are not just there to provide assistance for your procedures and countermeasures, but also take active charge for the analysis and evaluation of collected evidence. These findings are also given to the customer as a report or log file.

We are more than happy to present our services and possible solutions in person. Do not hesitate to get in touch.

Your contact person


Swiss Banking Services Forum (SBSF)

The «Swiss Banking Services Forum» is organized by SIX Group and will take place on May 22. There will also be a panel discussion on Cyber Security... Read more

20 years of Compass Security

We would like to propose a toast with you - to the past exciting 20 years and to the many valuable encounters. Read more

Swiss Cyber Hackathon 2019 / Zurich

Simulating Real World Cyber Scenarios – Educational Cyber Competition of Defending your Environment and Attacking your Opponents Read more



Partner for «Deutschland sicher im Netz»

The registered non-profit association DsiN provides comprehensive and independent information to consumers and businesses on issues of IT security.... Read more

Vulnerability in Vigor2960 DrayTek Router

Lukasz D. has identified an XSS vulnerability in the Web User Interface of the Vigor2960 DrayTek router. Read more

Focus topic at the HSR: Information Security

The HSR University of Applied Sciences Rapperswil focuses on cyber security in education, training and research. In this field there are always points... Read more


Compass Security Blog

Windows Forensics with Plaso

Present State of Affairs We have been teaching forensics and network incident analysis for quite a while. We have investigated into a reputable number of cases and we are not the only doing so. Hence,... mehr

XSS worm – A creative use of web application vulnerability

In my free time, I like to do some bug bounty hunting. For some reasons, I’ve been doing this almost exclusively for Swisscom. One of the reason is that the scope is very broad and I like to have this... mehr