8grams8grams.
BlogCasesEbook
ENID
Start a Project
ENID
Start a Project
8grams8grams.

AI-powered software studio taking your web apps, mobile apps, and cloud infrastructure from idea to production.

Get in touch

  • [email protected]
  • WhatsAppWhatsApp: +62 811-3143-975
Read 8grams on MediumLike 8grams on FacebookFollow 8grams on InstagramFollow 8grams on LinkedInFollow 8grams on X

Pages

  • Cloud Migration
  • Cost Optimization
  • Cybersecurity
  • Kubernetes Migration
  • Cloud Cost
  • Kubernetes Ops
  • CI/CD Pipeline
  • Cases
  • Blog
  • Contact

Services

  • DevOps & Cloud Infrastructure

    Reliable, scalable infrastructure engineered for growth.

  • Web Application Development

    Custom web apps built for real business outcomes.

  • Mobile App Development

    iOS and Android apps users actually want to use.

  • Web Company Profile

    Fast, search-friendly company sites with measured SEO, GEO, and AEO.

  • Cybersecurity

    Find and fix security issues before they become incidents.

Start a Project

We reply within one business day.

© 2026 8grams Technology. Surabaya, Indonesia.

Built for teams with something to ship.

Chat with us
Cybersecurity/Incident Response
Incident Response

Contain it, recover from it, and learn from it.

The first hour decides how bad it gets. The breach gets contained, forensic evidence preserved, your systems running again, and a root cause analysis written up so the same attack can't work a second time. Retainer clients get an initial response in under an hour, any time of day.

  • Initial response in under an hour for retainer clients
  • Breach containment, system isolation, forensic evidence preservation
  • Root cause analysis with a reconstructed attacker timeline
  • Post-incident hardening so the same attack can't work twice
Get a quoteWhy this matters

Forensic and analysis tooling that has held up on real incidents.

ElasticVolatilityWiresharkKali LinuxSplunkGitHub
Why

The first hour of a breach is the one that costs you.

How much a breach costs you has less to do with the breach itself and more to do with how fast you contain it. An attacker who has been in your network for 48 hours has moved across systems, taken data, and set up ways to come back. Speed matters here more than almost anything else.

No incident response plan, right up until the incident

An alert fires and the team starts improvising. People are making high-stakes decisions under pressure while still trying to work out what is even happening. Every minute of that confusion adds to the damage.

Evidence destroyed during the cleanup

The first instinct is to shut the server down and restore from backup. But powering off a compromised machine before anyone collects forensic data wipes out the very evidence you need to understand what happened and whether the attacker is still inside.

Nobody can say if the attacker is really gone

The malware got removed and the account got locked. But the backdoor, the scheduled task, the second account they quietly created? Nobody checked. Three months later the same attacker walks back in.

Legal notification handled in a panic

Customer data was caught up in it, so there are legal obligations. Nobody knows what those obligations are, who owns them, or what the deadline is. This is the moment a security incident quietly becomes a regulatory one.

The Process

How we run this engagement.

Each step produces something concrete, comes with a written hand-off, and has to pass a checkpoint before we move on to the next one.

01

Detection and initial triage

We go through the evidence you have, classify the incident, and scope the first round of containment. The first 30 minutes are about working out what is genuinely happening rather than guessing.

02

Containment

We isolate the compromised systems without wrecking the evidence. Network segmentation, account suspension, and access revocation are sequenced to stop the bleeding before forensic collection starts.

03

Forensic collection

Memory acquisition, disk imaging, log preservation, and network capture all happen before any cleanup that would destroy evidence. We document the chain of custody so it stands up for legal and regulatory use.

04

Root cause analysis

We build the attacker's timeline from their first foothold to the moment you detected them: the entry vector, the privilege escalation, the lateral movement, the persistence, and what data they touched. This is the answer your board is going to ask for.

05

Remediation and hardening

We remove the attacker's presence, reset credentials, patch the way they got in, and put the missing controls in place. You get a final report with a hardening roadmap. The engagement closes once the door they came through is shut.

The Result

What you walk away with.

These are outcomes you can measure, not a slide deck. Here's the change you should expect to see.

<1hrinitial response

You get help before the damage spreads

Retainer clients get an initial response in under an hour, around the clock. The countdown to containment starts straight away.

Forensic-gradeevidence handling

Evidence preserved for legal and compliance use

Chain of custody, documented collection procedures, and digital evidence handled to a standard that holds up with regulatory investigators and in legal proceedings.

Full timelinereconstruction

A real answer to "how did they get in?"

The root cause analysis gives you the attacker's full timeline, from their first foothold to detection. It's a story, not just a list of compromised machines.

Hardening that shuts the door they came through

Every incident exposes at least one control that was missing. We put it in place before the engagement closes.

FAQ

Common questions.

We don't have a retainer. Can you still help with an active incident?

Yes. Message us on WhatsApp now and we'll engage as fast as we can. Without a retainer, our response time is best effort rather than contractually guaranteed. If you need a guaranteed response window, a retainer is the right way to set that up.

How do you preserve forensic evidence without taking systems offline?

We use live forensics. Memory acquisition, capturing running processes, and collecting network state can all happen on a system that is still up, before we isolate it. We keep our interference with the system to a minimum and sequence the isolation so the highest-value evidence is captured first.

What are your legal obligations after a breach?

Under Indonesia's Personal Data Protection Law (UU PDP), when personal data is involved you have to notify both the affected individuals and the regulator. We flag whether it likely applies and what the timelines are, so you can bring in legal counsel right away, and we produce the factual documentation your legal team will need.

Should we set up a retainer or call you when something happens?

A retainer gives you a guaranteed response window, usually under an hour, plus a team that already knows your environment before the incident hits. Ad-hoc engagement still works for an active incident, but the response is best effort and we lose time getting up to speed on your systems. If a fast, predictable response matters to your business, the retainer is the right choice.

How fast do you respond once an incident is reported?

Retainer clients get an initial response in under an hour, around the clock. Without a retainer we engage as fast as we can on a best-effort basis once you reach us, typically over WhatsApp. The countdown to containment starts the moment we are in, because the speed of containment is what drives the final cost of a breach.

What forensic work do you do during an incident?

We collect memory, disk images, logs, and network captures before any cleanup that would destroy evidence, and we document the chain of custody so it holds up legally. From that we reconstruct the attacker timeline: entry vector, privilege escalation, lateral movement, persistence, and what data was touched. That analysis answers how they got in and whether they are truly gone.

How do you contain an incident without destroying evidence?

We use live forensics to capture volatile evidence such as memory and running processes while the system is still up, then sequence containment so the highest-value evidence is preserved first. Network segmentation, account suspension, and access revocation stop the bleeding without simply powering the machine off. Pulling the plug too early is one of the most common ways evidence is lost.

What happens after the incident is contained?

We remove the attacker's presence, reset credentials, patch the entry point, and put the missing controls in place, then deliver a final report with a root cause analysis and a hardening roadmap. Every incident exposes at least one control that was missing, and we close that gap before the engagement ends. The point is to make sure the same attack cannot work a second time.

Can you support us through regulatory and customer notifications?

We produce the factual incident documentation your legal and compliance teams need to decide on notifications, including the timeline, scope of affected data, and evidence of containment. For UU PDP obligations we flag the likely requirements and deadlines early so counsel can act in time. We handle the technical and forensic facts; your legal counsel owns the formal notifications.

What does a post-incident report give us?

You get a root cause analysis with the full attacker timeline, an inventory of what was accessed or taken, the chain-of-custody documentation, and a hardening roadmap of the controls that need to be in place. It is written so your board, your auditors, and your legal team can each use the parts they need. It turns a chaotic event into a clear record and a concrete plan.

Contact Us

Have a project in mind? Let's build it.

Dealing with an active incident? Message us on WhatsApp now. For anything else, whether that's a security assessment, DevSecOps work, or a blue team setup, the form below is the place to start. We reply within one working day with a straight read on scope and cost.

Email

[email protected]

Office

Surabaya, Indonesia

Starting price

From USD 4,000

Typical projects: USD 4,000–25,000

Tell us about your project

We'll reply within one business day, and we won't put you through a sales pitch.

Prefer to chat? WhatsApp us