Specifications include, but are not limited to:

Incident Response/Forensics

SAWS requires forensic investigation services in the event of a security breach.

Forensic Investigation: The minimum requirements for forensic investigation services are:

o Initial response time: Consultant will have remote collaboration within hours (e.g. 4 hours) of notification. The Consultant will have a certified incident handler onsite within days (e.g. 2 days) of notification.
o Ability to support both network and host based analysis to include:
   - Database forensics (audit, access, destructive queries).
   - Guarantee chain of custody and evidence in a manner that will be legally upstanding.
   - Live memory data recovery.
   - Capability to work across multiple operating systems (Windows, OS X, Linux, Android, iOS forensics and disk cloning).
o Have team members certified in forensic tools (e.g., EnCase, Forensic Toolkit (FTK)).
o Ability to staff an incident response team with Certified Incident Handlers.
o Collaboration throughout the incident with the SAWS Incident Response Team.
o Ability to perform immediate remediation actions and develop long term remediation plans.
o Maintain chain of custody.

Data Loss Prevention (DLP)

Perform an internal security scan of enterprise networks to determine locations of any sensitive data.
o Scan both structured and unstructured data sources.
o Scan both De-militarized Zone (DMZ) and internal networks.

Scan all enterprise and personal databases to identify sensitive data in tables.

Scan email servers to identify sensitive data.

Review current data policies, procedures, and standards for completeness.

Perform Optical Character Recognition (OCR) to identify scanned documents containing sensitive data.