The vendor(s) must be capable of delivering the following services: • Rapid Response: o Acknowledge and initiate communication with Minnesota State staff within 4 hours of notification. o Be available onsite within 2 business days, if requested. • Engagement Planning: o Develop a Statement of Work (SOW) for each engagement, outlining the scope, objectives, and deliverables. • Forensic Analysis: o Perform network and host-based forensic investigations, including database forensics (e.g., audit trails, access logs, destructive queries). o Conduct live memory capture and analysis. o Analyze system and network logs to identify indicators of compromise. o Perform static and dynamic malware analysis. • Technical Capabilities: o Work across multiple operating systems, including Windows, macOS, Linux, Android, and iOS. o Create forensically sound images of affected systems. o Ensure chain of custody and evidence handling procedures that meet legal admissibility standards. • Remediation Support: o Provide immediate recommendations for containment and mitigation. o Assist in developing long-term remediation strategies. • Reporting: o Deliver a comprehensive report detailing investigative findings, methodologies, and conclusions.
