PFI Preliminary Report Template
Details of all third parties connected to the network
Other comments about the case
Have we identified the malicious file? If yes, fill in the appendix
Malware 1
Indicator Type
File name
Date and time:
Indicator Type:
PHP Webshell
Action or kill chain:
Command & Control
File size:
MD5 value:
IP address -
Registry settings - changes made in the registry settings by the malware:
Domain - any domain to which the malware is trying to communicate:
Domain time of lookup:
Targeted e-mail address:
Additional data (if any):
Malware 2
Indicator Type:
Filename:
Date and time:
Used for Exfiltration of data from Database
Action or kill chain:
File size:
MD5 value:
IP address -
Domain - any domain to which the malware is trying to communicate:
Registry settings - changes made in the registry settings by the malware:
Domain time of lookup:
Targeted e-mail address:
Additional data (if any):
Contact information
Client Details
Company name:
Company address:
Company URL:
Company contact name:
Phone number:
E-mail ID:
Acquiring Bank
Whether there is an acquiring bank for the client:
Contact details
Acquiring bank name:
Acquiring bank address:
Acquirer contact name:
Acquirer phone number and email ID:
Whether the acquiring bank has been informed about the breach:
Brand acceptance
VISA:
MC:
Discover:
JCB:
Other:
Details Required
Date investigation started
Name of entity under investigation:
Date of last AOC or SAQ:
QSA who certified:
Type of business entity:
Is forensic investigation being done onsite or remotely:
Evidence of a breach:
First confirmed date that the intruder or malware entered the network:
Date of first webshell deployment or access:
Date of malware sample submission for analysis:
Scope of forensic investigation
Explain the data flow: how cardholder data was flowing through the network:
A brief explanation of the network architecture:
Explain all the locations through which cardholder data was flowing in the network:
Explain the initial understanding of the breach and how it would have occurred:
Explain how the system components were selected for imaging, based on the understanding of the breach and the network architecture:
Explain which system components are covered as part of the initial analysis:
Explain how the acquisition is being carried out:
Window of system vulnerability
Have we identified the root cause of the breach
Type of data impacted (e.g. full track data, CVV, CVV2, PIN, PIN block, EMV cryptogram):
Initial thought on attack vector
Mention the attack vectors, and refer to Appendix D of the final report template for the same:
For each attack vector mentioned, explain why we think this attack vector would have been used:
Containment
Has the breach been contained -
If contained, how has the breach been contained? How did SISA validate that the containment measure has been adequately implemented to contain the breach:
Date when the breach was contained: