Cyber Forensics

Never before have organizations both large and small experienced such a wide array of cyber incidents. These incidents can result in significant losses for an organization due to theft of sensitive information including intellectual property and personal private data, brand and reputation damage, significant impacts to customers and partners, as well as direct financial losses and penalties. Partnering with an experienced team of cyber forensic investigators provides the unique opportunity to minimize the impact to business operations and safeguard sensitive information.

Deloitte’s cyber forensics services allow for in-depth investigations into digital evidence using forensically-sound techniques based on industry standards such as ISO 27001 and NIST 800-61. The team has both extensive experience in the field and leading industry certifications, which provide the technical expertise that provides Deloitte’s customers with answers to key tactical and strategic questions related to insider threat, data theft, malware infections, and other advanced threats. In addition, Deloitte’s thorough analytical and reporting methodologies enable the use of cyber forensics material in legal proceedings.

Deloitte’s worldwide presence in 870 locations across 150 countries means that time-sensitive cyber forensics operations can be rapidly carried out using the approach illustrated in the infographic. This process of first contact, collection, examination, and reporting provides a functional framework for cyber forensics.



First ContactYour organization informs our team that you have noticed an irregularity in your IT infrastructure.


CollectionOur team identifies and collates forensic information (including logs, device images, contextual information, and more) through interviews and technical collection.


ExaminationDeloitte’s forensic experts perform an investigation based on the data collected in Phase 2. As part of the investigation, our team answers key client questions and identifies measures and recommendations for improving cyber resilience.


ReportingWe provide a final summary of the findings in the form of a final report or presentation and hold a discussion about the investigation.

Deloitte offers a wide range of cyber forensics services, including:

  • Computer Forensics, which allows for the reconstruction of events on personal computers, server, mobile devices and more. This discipline uncovers digital evidence that can provide answers for high-priority investigations related to insider threat, hacking, ransomware, and many other types of security events.
  • Network Forensics, a service that focuses on monitoring network data to detect abnormal activity using signature-based and behavioral-based techniques.
  • Log File Analysis, a type of investigation technique designed to collect, process, and investigate large amounts of log files from across a customer’s enterprise. This technique provides unique insight into adversary activity by revealing attack timelines and techniques.
  • Malware Analysis, a methodology to learn about the functionality and scope of malicious software to enable the design and deployment of countermeasures to thwart further attacks.
  • Breach Indicator Assessments, which allow for the proactive hunting of threats on customer networks using advanced sensor technology and lead to the mitigation of discovered threats.
  • Training to improve the in-house proficiencies of a customer’s IT and cyber security teams.

Your Contact

Ralph Noll

Ralph Noll

Partner | Cyber Risk

Ralph Noll ist Partner im Bereich Cyber Risk bei Deloitte und ist verantwortlicher Ansprechpartner für alle Fragestellungen rund um den Themenbereich der Cyber Response. Ralph hat mehr als 20 Jahre Er... Mehr