Forensic and Incident Response experts on hand to help

When disaster hits and questions arise, DFIR experts are here to help uncover the truth and guide a reputable response.

Digital forensics and incident response experts across New Zealand and Australia

Whether you need to investigate suspicious behaviour, contain a ransomware incident or uncover the root cause of an attack, our DFIR specialists are here to help.
Chief Information Officer
Government Agency
"As ever, a professional, effective and efficient engagement with Bastion that has left us feeling more secure. Thanks team!"
Service detail

Incident details

We’ve supported many clients through security incidents and forensic investigations. Our expertise spans incident coordination, threat hunting, and providing Expert Witness services.

Engagement Example 1:

Post Incident Review (PIR)

Bastion was engaged to lead a Post Incident Review for a customer following a cyber event. Through staff interviews, document analysis, and process reviews, we identified root causes and gaps in response. Our findings led to 23 prioritised recommendations to strengthen the organisation's future incident handling and resilience.

  • Interviewed 12 staff and vendors for a full-picture view
  • Analysed incident data, roles, and response processes
  • Delivered 23 clear, actionable recommendations

Engagement Example 2:

CI/CD Pipeline Root Cause Analysis

Following a serious credential exposure incident, Bastion supported a customer with incident response and Root Cause Analysis. We worked with stakeholders to identify missteps, restore services securely, and implement remediation steps to prevent recurrence.

  • Identified root cause of credential exposure in deployment
  • Supported secure rollback and redeployment of services
  • Advised on remediation and future prevention measures

Engagement Example 3:

Account Enumeration

An organisation detected Account Enumeration Reconnaissance via Microsoft Defender for Identity. Bastion supported the investigation, coordinated with external providers, and helped implement containment and monitoring improvements.

  • Deployed CrowdStrike Falcon with CTI for enhanced visibility
  • Investigated log discrepancies and clarified rollover behaviour
  • Identified firewall misconfigurations in MFN integration

Engagement Example 4:

GCP Misconfiguration Leads to Exposed Records

Bastion investigated a cloud data exposure incident affecting a SaaS provider. Misconfigured Google Cloud Bucket permissions led to 2.4 million files being publicly accessible and indexed by search engines.

  • Identified public access misconfiguration in Google Cloud Bucket
  • Recommended secure access controls and signed URLs
  • Advised on logging, permissions, and regular security testing

Engagement Example 5:

Employee Account Credential Leak via BYOD

Bastion investigated a security incident involving stolen Microsoft 365 session credentials from a personal device infected with malware. The organisation’s swift response and Bastion’s forensic analysis helped confirm no unauthorised access occurred.

  • Analysed infected personal and corporate devices for credential theft
  • Recovered browser data despite user attempts to clear history
  • Recommended controls for device access and session security

Engagement Example 6:

Breach of trust, restructure documents leaked

Bastion investigated a suspected data breach involving unauthorised access to a sensitive document. Forensic analysis uncovered system reinstalls, missing logs, and potential data concealment efforts, alongside evidence of intent.

  • Analysed multiple devices and uncovered use of data deletion tools
  • Identified missing logs due to lack of endpoint onboarding
  • Found chat messages suggesting intent to access confidential data

Benefits

What sets us apart

We’ve led hundreds of successful investigations across digital forensics, incident response, and eDiscovery. Our team regularly collaborates with insurers, legal counsel, government agencies, partners
Qualified experts
We’re certified by globally respected organisations, including SANS and IACIS, and provide unmatched, locally based expertise to support your security
Decades of experience is a phone call
From business email compromise and phishing to espionage and advanced persistent threats - there’s little we haven’t encountered.
Equipped with what it takes
We leverage bespoke and industry-recognised tools to streamline every stage - from evidence collection through to final reporting.
What comes next

Expand your security coverage

Security incidents often trace back to gaps in governance, design or control implementation. We’ll work alongside you to pinpoint those gaps and develop targeted solutions that reduce future risk.

  • Security roadmap - a journey for continuous and targeted improvement
  • Extend your team’s capability with managed endpoint, cloud or identity security solutions
Red Teaming
Red teaming simulates real attacks to test your systems, people, and physical security. Our red team penetration testing reveals how well your defences hold up.
Secure Development Training
We train developers and engineers to identify, avoid, and mitigate common security issues — making secure coding part of everyday practice.
Cyber security news

Latest advisories

Stay ahead of emerging threats with our expert blog posts, research, and industry updates.
Silverstripe - Cross-Site Scripting (XSS) Vulnerability
A Cross-Site Scripting (XSS) vulnerability has been identified in the administrator panel of Silverstripe CMS, specifically in the handling of the user input within the form messages module.
Silverstripe - Host Header Injection
A Host header injection vulnerability in Silverstripe has been identified that allows an attacker to poison the password rese
Statamic CMS
Sam Schroder found a local file inclusion (write only) vulnerability inside of the upload functionality of Statamic CMS. This affects front end components like forms with `assets` fields.
Frequently asked questions

From risk assessment to rapid response - we’re with you every step of the way.

What types of incidents can you help investigate?

We deal with all sorts of security issues, from ransomware and phishing attacks to insider threats, data theft, and unauthorised logins. Whether something’s just happened or you’re worried something’s not quite right, we’re here to help.

How fast can you get started?

We know timing is of the essence when something goes wrong. We're on hand to quickly assess the situation, offer immediate containment advice, and ensure evidence is preserved properly.

Will this affect our day-to-day operations?

We aim to keep things running smoothly while we do our work. We’ll coordinate with your team to avoid unnecessary disruptions, and we’ll always let you know if anything we need to do might impact your systems or staff.

Can you help us get ahead of future incidents?

Absolutely. We don’t just respond to incidents; we also help you get ready for them. That includes things like DFIR Retainers, Incident Response Planning and tabletops.

What do we get at the end of the investigation?

You’ll get a clear, detailed report that explains what happened, how it happened, and what systems were impacted. We’ll also give you practical advice on how to fix any issues and strengthen your security posture going forward.

Contact us

Talk to an expert

Please call our office number during normal business hours or submit a form below.
Where to find us
If you experience a security breach outside normal working hours, please complete the form and we will respond as soon as possible.