Triskele Labs achieved the CREST CSIR accreditation

Published: 28 Apr 2025

With the CREST Cyber Security Incident Response (CSIR) accreditation, we are one step closer to building awareness and recognising good vs bad DFIR practices.

It's long been a concern that organisations impacted by tragic cyber incidents don't have a reliable method to vet Digital Forensic and Incident Response providers. 

During our engagements, we've seen too many incident response jobs go wrong, leaving impacted organisations worse than when they started. Inexperienced firms conducted these jobs or, unfortunately, teams with minimal or no cyber security experience tried to perform forensic analysis, missing key evidence and leaving avenues for threat actors back into impacted networks. 

After our DFIR team gained valuable experience through hundreds of engagements allocated through professional industry partners, such as insurance and risk legal firms, through our follow-the-sun model and presence in all 5-eyes countries, we wanted to 'officialise' our status through a renowned industry certification.  

Today, we are proud to say that our Digital Forensics and Incident Response (DFIR) team has achieved the CREST Cyber Security Incident Response (CSIR) accreditation.

With this accreditation, we are one step closer to building awareness and recognising good vs bad DFIR practices.

How do you recognise a bad job in DFIR?

• Your IT partner is not calling security experts or cyber insurers.
• You found out too late that your IT outage is not an outage but a full-scale cyber incident.
• They are wiping and re-imaging machines, deleting logs, and generally removing key elements needed for a thorough investigation. 
• Your support team is not responding over weekends or after hours, wasting critical time in which logs expire, enabling a threat actor to exfiltrate data. 

What does this accreditation mean for companies and partners engaging with our DFIR team?

With this accreditation, we set ourselves apart from the competition through a structured, audited and internationally recognised process. 

CREST CSIR ensures we are a 24/7/365 response organisation with strong communication protocols and a follow-the-sun model.

What areas does CSIR examine? 

• The organisation has proven governance in place as a team to perform high-quality engagements. 
• These procedures ensure smooth, reliable and repeatable processes.
• It asks for references and attestations from insurance and legal partners. 
• All aspects of our Digital Forensics and Incident Response process are being assessed.
  

What's next for Triskele Labs DFIR?

We are expanding our reach, so stay tuned for news in the next few weeks. Unfortunately, cyber incidents are not going away soon. Because of the requirements for the extraordinary work our team is doing, we are hiring more experts to assist outside Australia and closer to many of our insurance and legal partners.