April 4, 2025
The securing of evidence after a cyberattack is an essential part of incident handling, and Dubex, as part of the collaboration in the National Cyber Crime Center (NC3), has helped to develop a standard for evidence collection together with other private security companies.
When companies are attacked on their IT infrastructure, the first goal is to limit the damage as quickly as possible, but also to ensure that vital traces are secured. These traces play an important role in the subsequent investigation, both in terms of identifying the security breach and finding the perpetrators. Often, the perpetrators are international threat actors who carry out attacks worldwide, making the securing and documentation of evidence vital for the investigation.
Together with the Danish police and a number of private actors in cybersecurity, Dubex has helped define a common standard for how companies secure evidence most effectively. Historically, each cybersecurity company has had its own protocols for data security, but the police have had specific requests that can support their further investigations when they actively pursue catching the perpetrators and masterminds.
Coordinated support for companies in evidence collection
On the website sikkerdigital.dk, which is a site where citizens, companies, and authorities can learn more about how to have a secure digital life, companies can get insights into how to act when damage has occurred. The purpose of the guide and collaboration is in line with one of Dubex’ key statements: Together we secure Denmark.
It has been an easy decision for Dubex to join forces with our colleagues in the industry to create a common standard for the collection of evidence from cyberattacks. The purpose is twofold – to best equip companies for evidence collection and to encourage companies to report cyberattacks to the police – a practice that hasn’t yet established itself.
By focusing on collecting as much evidence as possible from the start and simultaneously reporting to the police, companies increase the chance of catching the actors behind the attacks.
Ongoing collaboration
The initial phase of the plan is now underway, and Dubex will, together with our colleagues and the police, continuously contribute to maintaining and developing the standards so that they continue to reflect the current situation and methods.
NC3 initiative
NC3 plays an important role in assisting Danish police investigations when it comes to complex IT-related crimes, including hacking, ransomware, and DDoS attacks. NC3 has initiated a collaboration with several private security companies. The purpose of the partnership is to create an environment where the companies can share their expertise and jointly address challenges such as data security.
Through this collaboration, private security companies can exchange their best practices and experiences to streamline methods, processes, and strategies with the efforts of the authorities.
Curious to learn more?
If you’re interested in learning more about our forensics work, you can read more right here.
