02 · /usr/bin/services
services
Each engagement begins with an artefact and ends with a defensible technical report tied to risk, exploitability, and the next action. Pricing is from-scope; depth is calibrated against the deadline.
Cold-Case Reconstruction
A forensic rebuild of an incident 30 to 365 days after the fact, when first responders have demobilized and systems have been patched or…
0x02 · service briefExfiltration Scoping Audit
A bytes-on-wire reconstruction of what actually left the network, replacing hand-waved estimates with defensible volumetric and content findings. Built for matters where notification populations,…
0x03 · service briefIndependent Second-Opinion Review
A structured technical review of a prior IR vendor's report, assessing whether its findings, methodology, and evidentiary chain will survive a deposition or DPA…
0x04 · service briefTechnical Evidence Board
A hash-verified, exhibit-grade presentation of incident findings engineered for adversarial scrutiny by regulators, DPAs, reinsurers, and opposing counsel. Each assertion is bound to its…
0x05 · service briefExpert Witness & Deposition Support
Written expert reports and live testimony support for cross-border breach litigation, arbitration, and regulatory proceedings. Engagements are scoped from the outset for the deposition…
0x06 · service briefSubrogation Forensics
Targeted forensic work product supporting insurer recovery against third-party vendors, MSPs, and software suppliers whose failures contributed to the loss. Findings are structured to…