Kroll Incident Response

Additional Info

Company size (employees)5,000 to 9,999
Type of solutionHybrid


Kroll’s elite security leaders deliver rapid responses for over 2,000 incidents per year and have the resources and expertise to support the entire incident lifecycle, including litigation demands. Gain peace of mind in a crisis.

No matter the type of data loss or cybercrime, Kroll has the experience and resources (human and technology) to move quickly, to discern, isolate and secure valuable relevant data and investigate the digital trail, wherever it may lead. A few of the services available include:

– 24×7 Incident Response
– Digital Forensics
– Cyber Litigation Support
– PCI Forensic Investigator
– Data Recovery and Forensic Analysis
– Malware and Advanced Persistent Threat Detection
– Incident Response Threat Simulations

In the event of digital attacks, such as malware, ransomware or an email account compromise, Kroll’s cyber investigation teams can collect and examine physical and digital evidence to uncover important information, such as where, when and how an incident occurred—and if systems are still at risk. We will determine what data was compromised and whether digital evidence was erased or modified. We will also work with your teams to recover data, whenever possible, and recreate events and exchanges so that you have an accurate diagnosis to develop an effective recovery plan.

Kroll also contributes to the Incident Response community with KAPE, a free download that is actively updated with input from Kroll frontline responders and the DFIR community. Since its introduction in 2018, Kroll Artifact Parser and Extractor (KAPE) has been adopted by a wide variety of government, law enforcement, and military organizations as well as commercial enterprises. KAPE is also currently covered in various courses offered by the SANS Institute. KAPE is the future of forensic investigations as it enables forensics teams to collect and process forensically useful artifacts within minutes.

How we are different

- Scalable, trial-tested litigation support services for unparalleled speed, accuracy and insight. Kroll’s litigation support services team is uniquely positioned to work in tandem with our incident responders to optimize the investigation process and deliver case-changing insights. Our team stands ready to expedite data collection, either remotely or onsite, to minimize disruption to your operations and deliver insight for nuanced decision-making. Kroll has a dedicated team for insurance and legal channels, with extensive relationships with 50+ cyber insurance brokers and carriers worldwide and exclusive benefits to insureds.

- Unique threat intelligence experience and unrivalled expertise. Kroll experts have unique experience from former service with the FBI, DOJ, U.K. Intelligence, Europol, SEC, and U.S. Secret Service, among others. Our cadre of experts also hold more than 100 types of industry certifications, including CIPP/US, CRISC, CISA, CISM, CISSP, CPP, GCIH, GREM, GNFA, GPEN, MCP, MCSE, PCI, PMP, QSA, and CEH.

- Incident response retainers deliver peace of mind and maximum value. Kroll also offers several incident response retainers that are designed to offer maximum flexibility and include an array of proactive services that ensure you get tangible value. With increasing privacy and consumer protection laws mandating timely response and notification, you gain peace of mind knowing Kroll’s global resources are readily available in a crisis and can leverage our expertise and end-to-end services to strengthen your overall cyber resiliency.