As early as possible. Engaging us at the first sign of suspicious activity ensures evidence is preserved, investigation efforts are focused, and containment decisions are guided by facts rather than assumptions. Early triage support can also help avoid irreversible data loss or legal complications.

Yes. We work collaboratively with your technical staff, security analysts, legal team, executive leadership, or other third party service providers to ensure investigations are well-informed, appropriately scoped, and aligned with your business priorities. We also coordinate with your cyber insurer or breach coach where needed.

We handle forensics across Windows, Linux, and macOS endpoints, servers, virtualised environments, and cloud platforms like Microsoft 365, Google Workspace, and AWS. We also analyse logs, email, mobile devices (in scope-dependent cases), and external storage when available.

We support both. While many clients contact us during an active incident, others retain us ahead of time for guaranteed response timelines, or engage us for forensic readiness assessments and preparedness exercises. We can also assist post-incident with root cause analysis or evidence reviews.

Yes. We use industry-standard forensic tools and techniques, document our process rigorously, and ensure proper chain of custody during acquisition. Our reports are clear, defensible, and structured to support potential legal or regulatory requirements.

Pricing depends on many factors like the number of systems involved, data volume, and complexity, so it's challenging to provide an accurate estimate without a call to adequately scope your needs.

As a general guide, pricing for small-to-medium engagements (e.g., forensic acquisition and analysis of one compromised system), may start from AUD$7,500–$12,500. We have standard rates per type of device (workstation, server, mobile device, memory, etc.) for imaging-only engagements where analysis isn't required, and there are economies of scale where more devices are involved (i.e., 10 machines would not necessarily cost 10x as much).

Urgent incident response or multi-system investigations usually involve higher costs in line with the level of effort required to complete the investigation. We provide clear estimates upfront and communicate early and often during every engagement so there are no surprises.

We provide both. Most investigations can be performed remotely using secure evidence acquisition and communication methods. For sensitive environments or where physical access is necessary, on-site support is available across Australia and select international locations.

An incident response plan provides a high-level framework: your objectives, roles, escalation paths, legal/regulatory obligations, and overall response structure.

Playbooks are scenario-specific: step-by-step guides tailored to incidents like ransomware, email compromise, insider threats, or data breaches. Both are important. One sets your strategy, the other guides your tactical response.

Absolutely, in fact it's helpful. Many clients come to us with partial documentation, legacy plans, or outdated templates. We review what you have, identify gaps, and build from there. We recommend keeping what works and improving what doesn’t.

A typical engagement runs for three to four weeks depending on your teams' availability, the number of documents involved, and how much existing material we’re working from. We’ll provide a clear project timeline at the start and keep things on track throughout.

Deliverables are provided in editable formats (typically Word and PDF), ready for review, approval, and distribution. If you need integration into a particular platform (e.g. Confluence, SharePoint), we can support that too.

Yes. Everything we deliver is designed to be used in both simulated and real-world incidents. We avoid theory and boilerplate in favour of practical, testable guidance you can validate through regular exercises.

Pricing depends on the size and complexity of the engagement, e.g., how many scenarios are covered, whether you want to revise existing material or build from the ground up, and how many stakeholder groups are involved.

As a guide, a full IR plan and two to three tailored playbooks typically start from AUD$35,000–$45,000. This type of engagement includes significant time spent with your teams during discussion-based workshops to collaboratively tailor plans to your specific requirements.

We’ll provide a fixed quote after a short discovery call to understand your needs.

Organisations that want to move beyond compliance checklists and prepare their teams to respond with clarity and confidence. We've worked with critical infrastructure providers, government, education, finance, tech startups, and large enterprises across all regions.

Most sessions run between two and six hours, depending on complexity, scenario depth, and number of participants. Expect to spend some time with our team before the exercise to ensure it suits your needs. More bespoke exercises taking place across geographies or multiple days are also possible, just let us know what you need.

After the exercise, we'll deliver an after-action report with both executive-level and technical recommendations within one to two weeks.

It can be. We tailor the scenario to your team’s maturity and level of preparedness. Some exercises focus on executive decision-making and business impact, others revolve around detailed technical injects.

We'll discuss the scope and specifics of the scenario during an initial kickoff call to ensure the exercise meets your exact requirements.

Yes. We provide an after-action report including key observations, recommendations, and actionable next steps to improve your incident response capability. A debrief meeting to go over the report in detail is also available upon request.

We develop exercises to suit a variety of industries, use-cases, and levels of maturity. Our prices are generally fixed-fee and based on our extensive experience responding to real-world and simulated incidents, as well as the level of effort required to create and execute an engaging, world-class scenario.

Smaller, less complicated TTXs based on common adversary tactics, techniques, and procedures generally start around AUD$25,000, including planning, execution, and reporting. More complex, tailored exercises involving multiple teams, sites, geographies, or elements of gamification typically start around AUD$50,000, depending on your particular needs.