Digital Forensics

Understand cyber attacks and improve cyber resilience to prevent damage in the future.


1 Expertise

Our forensics team has built up a wealth of expertise over the years by acquiring relevant training and certifications and, most importantly, constantly working in the field of digital forensics.

2 Availability

SECUINFRA has one of Europe’s most effective teams of digital forensics experts. Framework agreements guarantee that our digital forensics experts are always there to help right away.

3 Professionalism

Digital forensics is one of SECUINFRA’s core areas of expertise. Over the years, we’ve continued to perfect our methods, processes and tools so we can offer you a professional service at all times.

4 Preparation

We conduct an orientation for all of our digital forensics clients to prepare them for an emergency. This ensures that they remain calm and make the right moves should such a situation arise.

The SECUINFRA approach – Digital Forensics

Analyze the endpoints (servers, workstations, laptops) to discover traces of an attack. This includes malware, data exfiltration and user behavior, for example.
Examine network traffic to identify and analyze traces left by attacks. Determine whether a solution is needed for full packet capture, NetFlow or log management.
Analyze (potential) malware to identify IOCs, reconstruct the events surrounding the attack and evaluate the extent of the damage.

Where evidence is kept as well as which tools are used will differ for each forensics job, but the approach is always the same. SECUINFRA conducts forensic analyses with the following six steps:

In the first phase of a digital forensics assignment, the identification phase, our forensic experts obtain an initial overview of the security incident. To do this, they coordinate closely with the client, conduct initial interviews and search for potential sources of relevant evidence.


The preservation phase is the second phase of a digital forensics assignment. During the preservation phase, our forensic experts ensure that evidence recorded and analyzed in later phases forms a chain of custody that can be traced at any time and cannot be manipulated. On the one hand, this is absolutely necessary for any insurance claims, claims for damages or criminal prosecution. On the other hand, it is the only way to reconstruct the exact course of events and to subsequently improve cyber resilience.


During the collection phase, the third phase of a digital forensics assignment, our forensic experts collect evidence for later evaluation. Depending on the security incident, this can be a wide variety of evidence: among other things, infected laptops, hard drives, system images, phones, log data, downloads, network traffic recordings or mailbox contents. This phase, like the analysis phase, can be repeated several times if the analysis of the evidence reveals indications of further sources of relevant evidence.


In the analysis phase of a digital forensics assignment, the collected evidence is analyzed systematically and in detail. The evidence found is then evaluated and conclusions are drawn from it. As evidence is found, further evidence may need to be collected to confirm or refute the conclusions drawn.


Documentation is a continuous process throughout the entire digital forensics deployment. Continuous documentation ensures that the entire forensic operation can be traced down to the last detail, starting with the recording of the case, through the results of the initial interviews, the recording and analysis of the evidence and the resulting conclusions, to the final reconstruction of the crime scene. Only through detailed and complete documentation can a traceable chain of custody be formed.


During the final phase of the digital forensics assignment, the presentation phase, the course of events is reconstructed as accurately as possible on the basis of the evidence found and the resulting conclusions. In doing so, our forensic experts take care to create an incontrovertible chain of custody and, if desired, make suggestions for improvements to strengthen cyber resilience at a later stage.


More than 7,000 companies in Germany rely on SECUINFRA directly or through partners when it comes to digital forensics and incident response (DFIR).
Cutting Edge Advanced Persistent Threat (APT) Detection and Response
Winner of the Cybersecurity Excellence Awards 2022 & awarded as best IT Forensics Service Company in Europe!
Since 2020, SECUINFRA has been one of Enterprise Security magazine’s top ten digital forensics consulting/services companies in Europe!

References in the field of Digital Forensics

    SECUINFRA does not publish a client list or references.
    Our clients’ right to privacy always trumps our marketing interests.
    The SECUINFRA DFIR teams have supported companies in the field of digital forensics and incident response (DFIR) day in and day out for years. More than 7,000 companies in Germany have placed their trust in SECUINFRA as a specialist in this area – either directly or through partners.
    If you’re interested in our services, we’ll happily put you in touch with suitable reference clients.