LISIRT – LIFARS Computer Security Incident Response Team

LISIRT – LIFARS Computer Security Incident Response Team

LIFARS would like to proudly introduce its Computer Security Incident Response (CSIRT) team to its clients as well as to the cybersecurity community. Its team members are well acquainted with the CSIRT/CERT community, as they are ex-members of a European governmental team.

LISIRT is based in the United States and in Europe and is focusing mostly on digital forensics, incident response, threat hunting, pentesting, auditing, and advisory services.

Firstly, the team’s constituency consists of organizations and companies that opted to elect LIFARS as its IR team through a retainer contract. Secondly, an organization will be a temporary constituent when it contracts LIFARS to respond to an incident, either as a sole responder or as part of a larger team.


LISIRT’s Mission Statement


LISIRT Becomes a Client’s Key Incident Response HELPR as we strive to:


LISIRT Mission Statement

Help prepare for cybersecurity incidents

Educate regarding current cybersecurity incidents, events, and threats

Liaise with law enforcement agencies where necessary, mandated, or required by law

Partner with public and private CERTs

Respond promptly to cybersecurity incidents by assisting with identification, containment, eradication, and recovery from the incident, using LIFARS’s professional services

LISIRT Services

LISIRT Services Incident ResponseIncident Response

  • Alerts & Warnings
  • Managed Detection and Response
  • Containment, Eradication & Recovery
  • Post-Incident Activity
  • On-Site Incident Response
  • Remote Incident Response
  • Incident Response Coordination
  • Digital Forensics & Malware Analysis
  • Bitcoin Payments



Proactive Services

  • Threat Hunting
  • Penetration Testing
  • Red Teaming
  • Secure Code Review
  • Phishing Simulations
  • Security Audits
  • Tabletop Exercises
  • Cyber Resiliency Trainings

LISIRT Maturity

LIFARS formed a Computer Security Incident Response Team called LISIRT for your benefitLISIRT is now a Listed member in the TF-CSIRT Trusted Introducer (TI) and will continue its journey towards Accreditation and ultimately the Certification. Meanwhile, we adopted the Security Incident Management Maturity Model (SIM3) to govern, document, perform and measure its functions and operations. For example, TF-CSIRT/Trusted Introducer uses this model for certification of CSIRT/CERT teams.

About CSIRT/CERT teams

CSIRT is the abbreviation for ‘Computer Security incident response team’ and it is a dedicated or ad-hoc team in an organization with the main goal to respond to cybersecurity incidents. The terms CSIRT and CERT are usually used interchangeably but there may be slight differences in the scope of services they provide.

Historically, the term Computer Emergency Response Team (CERT) has been used first by the CERT Coordination Center (CERT-CC) at Carnegie Mellon University (CMU) in 1988 and it is now a registered trademark in many jurisdictions. The emergence of the term is tied with the outbreak of the infamous Morris Worm. Ultimately, this worm paralyzed approximately 10% of the Internet and which was the first felony in the US under the 1986 Computer Fraud and Abuse Act.

LIFARS TechDiary

LIFARS TechDiaryDuring the daily work as forensic analysts, malware analysts, incident responders, threat hunters, pentesters and consultants, LISIRT often encounters interesting things. More importantly, sometimes they are worth sharing with the world. Therefore, we gave birth to LIFARS TechDiary. In this place, we will publish observations, remarks and case studies resulting from LISIRT’s engagements. In short, follow us on Twitter!