No organisation is immune to cyber or information security incidents. How you handle the incident determines whether it is complete recovery or total disaster. NRD CIRT is a first private Baltic incident response team that helps organizations properly handle the incidents and investigate them.


Incident Handling

Mature incident response process ensures effective management of security threats, mitigation of risks and assures continual improvement of secure environment.

Even though your organisation is effectively protecting all your weakest points, you might not have all necessary means to know the time, tools, direction and goals of a possible attack.

If you are facing fraud, intellectual property theft, industrial espionage, network compromises, employee misuse or malware, our incident response team will provide a fast and on-site incident handling services in a seamless, professional and timely manner. We will analyse security event data, gather all relevant evidence to build a complete threat case, including malware triage and reconstruction of evidence. Effective guidance on how to minimize on-going loss will be provided and implemented.

Our incident investigation will cover attack vectors discovery and risk analysis to provide guidance on prevention of similar incidents in future.


  • Focus on damage mitigation during the security event and security improvements to avoid similar incidents in the future;
  • Solid internal and external incident communication procedures;
  • Compliance with effective laws;
  • Preservation of digital evidence admissible by courts;
  • Use of four steps methodology:
    • Prepare – learn the baselines, discover or deploy methods and tools that enable detection of security events;
    • Detect – use of technologies and manual customer reporting to monitor and recognize unusual, suspicious behavior and analysis of suspicious activities to discover intrusions, violations, damage, threats and vulnerabilities;
    • Respond – based on analysis results we prepare incident response and recovery steps and help the customer to restore services and information assets to the operational state and eliminate intruder’s access;
    • Improve – we proceed with the root cause analysis and identify flaws which allowed the security breach and provide recommendations for infrastructure and process improvement.


  • Have a solid incident response process that is compliant with international standards and legal requirements;
  • Minimize tangible and intangible losses caused by security breaches;
  • Increase your reputation with capabilities to effectively mitigate security threats and risks;
  • Have a continual improvement of information infrastructure security to control existing and future risks.

Contact Marius Urkis at mu@scdrnlt or +370 687 79059 for more information.

Digital Forensics

An external cyber attack, insider’s fraud or policy breach are common cases for different liability questions: what was the intent, what and how it happened, who is liable? Digital forensics investigation provides court-level analysis of evidence.

Typically, organizations do not possess expertise of forensic methods and tools, as they are complex and costly. However, proper handling and analysis of digital evidence is highly important from the beginning of the incident, if it is to be used in legal or disciplinary proceedings.

Our team of forensic experts analyses media, computer hard drives, and mobile phones in a forensically sound manner. We capture network stream to depict the crime scene and provide a clear picture of the timeframe fro subject’s actions.


  • Use of trusted and verified methods and tools to investigate digital media and search for artefacts relevant to security incident;
  • Use of computer forensic tools to gather digital evidence from the media and network and restoring fact information from the data;
  • Digital evidence is admissible to court.


  • Know who, when and why caused a security breach;
  • Have a legal prosecution processes or internal disciplinary actions enabled by digital evidence.

Contact Marius Urkis at mu@scdrnlt or +370 687 79059 for more information.