Digital Forensics
Uncover the truth. Preserve the evidence. Strengthen your response.
Whether it’s a suspected insider threat, data breach, or endpoint compromise, timely and accurate digital forensics is essential to understanding what happened and what to do next. Our digital forensics service provides clarity in the chaos, enabling decisive action with defensible findings and actionable recommendations.
At Lykos Defence, we combine deep investigative expertise with industry-standard tools and methodologies to deliver clear, actionable results. We help you answer critical questions:
- Was there a breach?
- What was accessed?
- How did it happen?
What We Investigate
- Malware and ransomware infections
- Insider threats and employee misconduct
- Business email compromise (BEC)
- Credential compromise
- Intellectual property theft
- Endpoint, server, and cloud compromise
What You Can Expect
Rapid Triage & Containment Support
We help scope the incident, isolate affected systems, and advise on immediate next steps.
Detailed Forensic Acquisition & Analysis
We collect and analyse volatile and non-volatile data from endpoints, servers, cloud platforms, email, and other log sources, ensuring preservation and chain of custody.
Clear, Defensible Reporting
Our reports are written for both technical and non-technical audiences, suitable for internal decision-making, regulators, and legal proceedings.
Expert Collaboration
We work closely with your internal teams, legal counsel, and insurance providers to ensure a coordinated, efficient response.
Why Lykos Defence?
- Real-world experience in high-stakes investigations across critical infrastructure providers, government, education, finance, tech startups, and large enterprises
- Certified forensic practitioners using SANS-aligned methodologies
- Proven ability to operate discreetly and professionally under pressure
- Independent, vendor-neutral, and outcome-focused
When every second counts, we bring clarity. Contact us to discuss an active incident, schedule a readiness review, or retain our services in advance.
Frequently Asked Questions
As early as possible. Engaging us at the first sign of suspicious activity ensures evidence is preserved, investigation efforts are focused, and containment decisions are guided by facts rather than assumptions. Early triage support can also help avoid irreversible data loss or legal complications.
Yes. We work collaboratively with your technical staff, security analysts, legal team, executive leadership, or other third-party service providers to ensure investigations are well-informed, appropriately scoped, and aligned with your business priorities. We also coordinate with your cyber insurer or breach coach where needed.
We handle forensics across Windows, Linux, and macOS endpoints, servers, virtualised environments, and cloud platforms like Microsoft 365, Google Workspace, and AWS. We also analyse logs, email, mobile devices (in scope-dependent cases), and external storage when available.
We support both. While many clients contact us during an active incident, others retain us ahead of time for guaranteed response timelines, or engage us for forensic readiness assessments and preparedness exercises. We can also assist post-incident with root cause analysis or evidence reviews.
Yes. We use industry-standard forensic tools and techniques, document our process rigorously, and ensure proper chain of custody during acquisition. Our reports are clear, defensible, and structured to support potential legal or regulatory requirements.
Pricing depends on many factors like the number of systems involved, data volume, and complexity, so it's challenging to provide an accurate estimate without a call to adequately scope your needs.
As a general guide, pricing for small-to-medium engagements (e.g., forensic acquisition and analysis of one compromised system) may start from AUD$7,500–$12,500. We have standard rates per type of device (workstation, server, mobile device, memory, etc.) for imaging-only engagements where analysis isn't required, and there are economies of scale where more devices are involved (i.e., 10 machines would not necessarily cost 10x as much).
Urgent incident response or multi-system investigations usually involve higher costs in line with the level of effort required to complete the investigation. We provide clear estimates upfront and communicate early and often during every engagement so there are no surprises.
We provide both. Most investigations can be performed remotely using secure evidence acquisition and communication methods. For sensitive environments or where physical access is necessary, on-site support is available across Australia and select international locations.