Digital Forensics and Incident Response (DFIR)

Do you want to prepare your organization to be able to thwart cyber attacks? Do you need external specialists to be able to counter an attack? Using our DFIR service you will benefit from our guaranteed availability and response time, as well as the permanent availability of specialists and expert panels. In order for us to minimize the reaction time at the very outset, we have an onboarding process for new customers. We can also run tabletop exercises with you so that your company’s detection and readiness to counter such threats can be improved. 




The onboarding process enables our DFIR specialists to respond to an incident promptly and that they are provided with all the necessary resources that would allow them to begin analyzing an incident. The key requirements are settled in advance, emergency contacts will be established.

Among other points, the following are clarified:

  • Who are your emergency contacts?
  • How are incidents reported and logged?
  • How is the response team’s progress to be communicated and how are these details to be shared?
  • Where are your company’s premises and what is the site of operation? 
  • What access controls are in use?
  • Important documentation/concepts and network topologies are made available

Expert Panel 

Our customers are free to have their incident discussed with a Compass specialist in order to triage an incident. Customer questions are discussed and reviewed. Additionally, initial emergency countermeasures can be discussed and then implemented by the customer.


Tabletop simulation allows us, together with the customer to exercise a scenario from a list of Compass incidents. The scenario selected uses real elements, e.g. the correct and timely triggering of an alert or going through a customer’s log files. This allows one to check whether the emergency contacts know the procedure for the scenario selected and particularly whether they understand or know their own responsibilities in detail and can also carry these out. Additionally, this process can help to reveal any shortcomings in your readiness to respond to incidents and these can be optimized as required. This is an important step in ensuring an effective and efficient running of this collaboration. Subsequently, the results are discussed with the customer and an action item list is drawn up. We are therefore able to support our customers in the ongoing process of optimizing their forensic readiness plans.


You will receive support in clearing up computer emergencies or cybercrimes. To this end, we are not just there to provide assistance for your procedures and countermeasures, but also take active charge for the analysis and evaluation of collected evidence. These findings are also given to the customer as a report or log file.

We are more than happy to present our services and possible solutions in person. Do not hesitate to get in touch.

Your contact person


Cyber Risks – from abstract risk to everyday reality

The Europa Institut at the University of Zurich (EIZ) is one of the leading centres of expertise for European Law and is an important provider of... Read more

Swiss Treasury Summit 2019

Das Schweizer Jahrestreffen der Treasurer - am 11. September 2019 an der HSLU in Rotkreuz. Read more

Swiss Cyber Hackathon 2019 / Zurich

Simulating Real World Cyber Scenarios – Educational Cyber Competition of Defending your Environment and Attacking your Opponents Read more



Eine gelungene Feier zum 20-Jahre-Jubiläum

Compass Security lud am 07. Juni 2019 aktuelle und ehemalige Mitarbeitende, Kunden, Partner und Freunde ein, um ihr 20-jähriges Bestehen zu feiern.... Read more

Butcher Wechsler and the Hackers

The latest magazine of "Die Mobliliar" focusses on artificial intelligence as well as digitalization - and take a look at cyber crime. Read more

Hack2improve - a success story

The Furtwangen University of Applied Sciences offered a hacking workshop for the first time in 2008. What was a novelty at that time is now firmly... Read more


Compass Security Blog

Reversing obfuscated passwords

During internal penetration tests or Windows client hardening engagements, we often find configuration files with obfuscated passwords. The post demonstrates a general approach and required tools to... mehr

Swiss QR Code Invoices for Phun and Profit

Modern problems require modern solutions, this applies to the finance sector as well. So what problems am I talking about? Digital Invoices in a Mixed Payment Slip Landscape In Switzerland we are... mehr