Result-proven cybersecurity.
+371 2256 5353 [email protected]

Theme

Book a consultation

When you suspect a breach, the first hours decide the cost. We engage fast to answer the questions that matter: what happened, how they got in, what they touched, whether they are still inside — and what you must do, technically and legally, right now.

Our investigators combine offensive insight with forensic rigour. We reconstruct the attacker’s path from endpoints, logs, cloud trails and email, preserve evidence to a defensible standard, and contain the threat without destroying the proof you may later need. Because we test the way real attackers operate, we know where they hide and what they leave behind.

You get one plain-language account of the incident plus full technical detail — a timeline, root cause, indicators of compromise and prioritised recovery steps — written to support NIS2 incident notification, GDPR’s 72-hour breach reporting, cyber-insurance claims and, where needed, coordination with law enforcement and CERT.LV.

194 days
average time just to identify a breach
Source: IBM Cost of a Data Breach 2025
72 hours
GDPR deadline to report a personal-data breach
Source: GDPR Art. 33

How it works

  1. 01

    Emergency intake & triage

    Rapid scoping of what you are seeing, immediate containment advice, and a plan to preserve evidence before it is overwritten.

  2. 02

    Containment & evidence capture

    Isolate affected systems and cut attacker access while forensically preserving disks, memory, logs and cloud/email trails.

  3. 03

    Forensic investigation

    Reconstruct the attack timeline, pinpoint the entry point, scope the access and data impact, and extract indicators of compromise.

  4. 04

    Eradication & recovery

    Remove footholds, validate clean restoration, and close the gaps the attacker used to get in.

  5. 05

    Reporting & notification

    Plain-language and technical report with IOCs, plus support for NIS2 / GDPR notification, insurers and CERT.LV.

  6. 06

    Post-incident review

    Lessons learned, detection and response improvements, and a roadmap so the same path cannot be reused.

Packages

Popular

Emergency Response

One-off rapid engagement: triage, containment, forensics and a full incident report.

Forensic Investigation

Deep-dive host, memory and malware forensics for a confirmed or complex compromise.

Response Retainer

Pre-agreed terms and priority access so we are ready before the next incident — pairs with IR planning.

Try it in 3D

Feel this threat first-hand

A hands-on 3D simulation of this exact threat — play it, then see how we test it for real.

Incident response · IR Run the first hour Something is wrong on the network. Work the first critical minutes — detect, contain, escalate and report — before a small incident becomes a breach. Open simulation Fraud · BEC Stop the invoice fraud A trusted vendor emails new bank details, right on cue with a real invoice. Catch the business email compromise before the payment leaves. Open simulation Credentials · Breach Stop the password replay A password leaked in someone else’s breach is now being tried against your accounts. See how reuse cascades — and shut the replay down. Open simulation
Security Awareness Lab Get certified at training.offseq.com

Frequently asked questions

How is this different from your Incident Response Planning service?

Planning is proactive — policies, playbooks and tabletop exercises so you are ready. DFIR is reactive — you call us because something has already happened, and we handle the live investigation, containment, forensics and reporting. The two pair naturally: a retainer gives you the plan and priority access to the responders.

We think we have been breached. What is the first thing we should do?

Call the response line and, where possible, preserve rather than wipe — do not power off affected machines or delete logs, as that destroys evidence. We will give you immediate containment guidance on the call and start a forensically sound investigation so you keep the proof you may need for insurers, regulators or law enforcement.

Do you offer 24/7 response?

We provide rapid, best-effort emergency engagement when you call, and prioritise active compromises. For guaranteed response windows and pre-agreed terms, a Response Retainer is the right fit — we agree the SLA up front so there is no negotiation while you are under attack.

Can your report be used for NIS2 and GDPR notification?

Yes. Every engagement produces a plain-language executive account plus full technical detail — timeline, root cause, indicators of compromise and recovery steps — written to support NIS2 incident notification, GDPR’s 72-hour breach reporting, cyber-insurance claims and coordination with CERT.LV.

Do you handle ransomware?

Yes — scoping the blast radius, eradicating the foothold, supporting recovery from clean backups, and advising on the decision and legal exposure. We help you understand what was encrypted or exfiltrated and how the attacker got in, so the same path cannot be reused.

Helpful tools

Scope a test Build a scoped brief in a minute Security maturity check Score yourself across six domains
Stop drilling and start watching — turn this threat into live coverage. Monitor this for real with OffSeq Pulse

Scope a test

[email protected] · +371 2256 5353

Straight to a senior operator · 24-hour reply · NDA on request

Scope a test Get in touch

All services

Cloud

Cloud Security Assessment

Close the misconfigurations attackers look for.

 Cloud

Cloud Security Posture Review

Find the cloud misconfigurations that cause most breaches.

 Cloud

Kubernetes & Container Security

Test your clusters the way an attacker inside one would.