Cyber Security & Digital Forensics.

Digital Forensics & Incident Response

Digital forensics and incident response require precision, consistency, and defensibility. Our process is fully repeatable, leverages validated tools, and prioritizes clear, actionable communication to all stakeholders — from executives to legal teams.

• Evidence Acquisition – We collect data from diverse sources (dead/live systems, cloud platforms such as M365, log repositories) using forensically sound methods to preserve integrity and maintain chain of custody.
• In-Depth Analysis – Our investigators build timelines, correlate artifacts, and perform malware triage to uncover root cause, impact, and attacker behaviour.
• Hard Drive & Memory Forensics – We extract and analyse disk images and volatile memory to identify persistence mechanisms, malicious code, and attacker activity.
• Clear, Structured Reporting – Findings communicated through executive summaries for leadership and detailed technical annexes for security teams and legal review, ensuring the results are understandable and defensible in court if required.

Email Security assessment

A robust email security strategy and configuration reduce the risk of phishing, malware delivery, and business email compromise (BEC) by combining assessment, configuration, and continuous validation against industry standards. It is important to understand that email configuration directly impacts the level of trust in your brand’s domain. Properly configured security frameworks protect not only your organization but also anyone receiving emails that appear to come from your domains—including those not sent through your official email gateway.

• Assessment of Email Security Configuration – Comprehensive review of mail gateways, spam filters, anti-malware engines, and phishing protection controls to ensure optimal coverage and minimal false positives.
• Encryption, Logging & Monitoring – Verification that end-to-end encryption (TLS, S/MIME), message tracing, and security event logging are in place to support detection, response, and compliance requirements.
• Implementation & Verification of Security Frameworks – Deployment and validation of key email authentication and transport standards, including:
• SPF – Prevent spoofing by validating sender IPs.
• DKIM – Ensure message integrity via cryptographic signatures.
• DMARC – Define policy for handling authentication failures.
• TLS-STS / MTA-STS – Enforce encrypted transport for mail servers.
• TLS-RPT – Enable reporting of mail transport issues.
• BIMI – Visually authenticate legitimate senders with brand logos.
• DANE – DNS-based Authentication of Named Entities.
• Continuous Improvement & Vendor Best Practices – Alignment with evolving security frameworks, vendor recommendations, and threat intelligence feeds to stay ahead of new attack techniques.

Cloud Security Assessment

Our cloud security assessment identifies risks, prioritizes them based on likelihood and impact, and provides practical recommendations aligned with your organization’s risk tolerance and compliance obligations. Findings are framed in business context so that decision-makers can weigh security improvements against operational and strategic priorities.

• Identity & Access Management - We evaluate how identities (human and service) are managed, focusing on least privilege enforcement, MFA coverage, conditional access policies, credential lifecycle management (e.g., key and secret rotation), and federation with enterprise identity providers. Weaknesses here often represent the most direct path for attackers.
• Networking & Connectivity - Assessment covers network segmentation, use of private endpoints, control of outbound (egress) traffic, and exposure of management interfaces. We examine whether architectural patterns reduce the blast radius of compromise and prevent unnecessary internet reachability.
• Data Protection - We assess encryption controls (at rest, in transit, and in use where applicable), backup and recovery readiness, secrets and certificate management practices, and the handling of sensitive data across environments. This ensures resilience against data breaches, ransomware, and regulatory non-compliance.
• Logging, Monitoring & Detection - We review cloud-native telemetry, retention settings, centralization of logs, and the integration of detection rules with your SOC/monitoring stack. The goal is to ensure that anomalous or malicious activities can be identified quickly and with sufficient context for response.
• Cloud-Native Security Services - We assess how well vendor-specific security services (e.g., AWS Security Hub, Azure Defender/Sentinel) are deployed, tuned, and embedded into operational processes. Misconfiguration or under-utilization of these tools often leaves organizations with “shelfware” rather than real protection.

About Nansec

Since 1994, I’ve lived and breathed IT—shifting my focus to security in 1998. In 2018, I founded Nansec to share what I’ve learned from decades of hands-on work with infrastructure, operating systems, and cloud platforms. My experience leading Incident Response and Digital Forensics across industries has taught me that security isn’t just about tools—it’s about protecting people and enabling trust. That’s what I bring to every project.

Based in Gothenburg, Sweden.

Keep engagements small, focused, and confidential.

Contact

Prefer email with your scope, timelines, and any confidentiality requirements.

We support Signal, S/MIME and PGP.