0x02 · service brief
Exfiltration Scoping Audit
A bytes-on-wire reconstruction of what actually left the network, replacing hand-waved estimates with defensible volumetric and content findings. Built for matters where notification populations, regulatory fines, and indemnity limits turn on the precise scope of data egress.
01 · what you get
- Netflow, proxy, and egress telemetry reconstruction
- Content-class identification of exfiltrated data where artifacts permit
- Volumetric analysis with stated confidence intervals
- Comparison against threat actor leak-site postings and ransom claims
- Scoping memorandum suitable for regulator submission
02 · how to start
Reply with the artefact identifiers you have in hand (hashes, firmware version, advisory ID, or a description of the evidence bundle). We confirm authorisation and scope before any analysis begins. If a deadline is in play, name it — we scope depth against the deadline, not against an internal pipeline.
03 · scoping intake
Identify the breach window, the egress telemetry you have (full PCAP, proxy logs, netflow/IPFIX, cloud audit), the notification deadline driving the scope, and any leak-site or actor-claim references we should reconcile against.