The benefit of conducting forensics after a penetration test has taken place, is that many forensic artefacts will still be in place from the penetration test. This simulates a real-world attack scenario in which a forensic investigator would be requesting logs, and access to servers and/or endpoints to perform analysis. By performing Penetration Test Response, gaps for existing security controls can be discovered, thereby improving the level of readiness for when an attack does occur.
Assumptions are often made that forensic artefacts will be available when required, however we have discovered in every Incident Response service we’ve provided that there is always a significant gap in what evidence can be obtained due to these assumptions. Penetration Test Response will not only help train your team to know what to look for to detect future intrusions, it will also act as a security control gap assessment.