Webinar Description
Key Takeaways
- Digital forensics and incident response professionals will explain how organisations should act immediately following a data breach
- Topics include evidence collection, threat-actor tactics, privilege preservation and defensible response strategies
- Designed for legal, compliance and cybersecurity professionals responsible for breach preparedness
- Addresses the intersection of legal obligations and technical investigation requirements
- Covers emerging social engineering threats and post-breach mitigation considerations
Introduction
The Cyber Academy Webinar: Best Practices in Forensic Investigations brings together legal and technical expertise to address one of the most consequential challenges facing modern organisations: responding effectively to a data breach in its critical early hours. Hosted by Constangy, Brooks, Smith & Prophete, LLP, this session is designed for legal counsel, compliance officers and cybersecurity professionals who need to understand both the technical realities of digital forensics and the legal frameworks that govern incident response.
Data breaches continue to escalate in frequency and sophistication, with threat actors employing increasingly complex tactics to compromise organisational systems. The period immediately following breach discovery often determines whether an organisation can contain damage, preserve critical evidence and maintain a defensible legal position. Missteps during this window can amplify regulatory exposure, complicate litigation and erode stakeholder confidence.
About This Event
This webinar takes place on 23 July 2026 and features Todd Rowe, a partner in the Constangy Cyber Team, alongside Devon Ackerman, Global Head of Digital Forensics and Incident Response at Cybereason. The pairing of a data breach lawyer with a forensic investigator reflects the dual nature of effective breach response, which requires simultaneous attention to legal obligations and technical realities.
The session format allows participants to gain practical insights from professionals who regularly manage live incidents, rather than theoretical frameworks that may not translate to operational environments.
The Forensic Investigation Process
Digital forensics and incident response, commonly abbreviated as DFIR, encompasses the systematic collection, preservation and analysis of digital evidence following a security incident. The webinar will provide an overview of how forensic investigators approach this process, from initial detection through to the production of findings that inform both legal strategy and business decisions.
Evidence collection in the immediate aftermath of a breach requires careful coordination between technical teams and legal counsel. Improper handling can compromise the evidentiary value of digital artefacts, potentially undermining subsequent litigation or regulatory proceedings. The session will address how organisations can establish protocols that satisfy both forensic requirements and legal standards for evidence preservation.
Understanding the lifecycle of a cyber intrusion helps organisations recognise the stages through which threat actors typically progress, from initial access through lateral movement to data exfiltration. This knowledge enables more effective containment strategies and helps incident responders anticipate attacker behaviour during active investigations.
Legal Considerations in Breach Response
The role of legal counsel extends well beyond regulatory notification requirements. Attorneys involved in incident response must navigate complex questions around privilege preservation, ensuring that communications and work product generated during an investigation remain protected. The webinar will examine how organisations can structure their response efforts to maintain privilege while still enabling effective technical investigation.
A defensible response requires documentation and decision-making processes that can withstand scrutiny from regulators, plaintiffs’ counsel and business partners. Organisations that fail to establish clear protocols before an incident often find themselves making consequential decisions under pressure, without adequate consideration of downstream implications.
Compliance risk varies significantly depending on the nature of compromised data, affected jurisdictions and applicable regulatory frameworks. Healthcare organisations face obligations under HIPAA, financial institutions must consider requirements from multiple regulators, and any organisation handling personal data of European residents must account for GDPR notification timelines. The intersection of these requirements with forensic investigation timelines creates operational challenges that benefit from advance planning.
Current Threat Landscape and Social Engineering
The session will address current threat-actor tactics, providing attendees with insight into how adversaries are currently operating. This intelligence helps organisations calibrate their defensive posture and incident response capabilities against realistic threat scenarios rather than outdated assumptions.
Social engineering attacks continue to evolve, with threat actors developing increasingly sophisticated techniques to manipulate employees into providing access credentials or executing malicious actions. The webinar will examine emerging trends in this area, helping participants understand how human factors contribute to breach scenarios and how organisations can address these vulnerabilities through both technical controls and awareness programmes.
Post-Breach Mitigation and Recovery
Effective breach response extends beyond immediate containment to encompass longer-term mitigation and recovery efforts. The session will address considerations for the post-breach period, including remediation of exploited vulnerabilities, enhancement of security controls and communication strategies for affected stakeholders.
Organisations that treat breach response as a discrete event rather than an ongoing process often find themselves vulnerable to repeat incidents. The lessons learned from forensic investigation should inform improvements to security architecture, monitoring capabilities and incident response procedures.
Who Should Attend
This webinar is particularly relevant for in-house counsel responsible for data privacy and cybersecurity matters, compliance officers who must ensure regulatory obligations are met during incidents, and information security professionals who lead technical response efforts. Chief information security officers and their teams will benefit from understanding the legal dimensions of their work, while legal professionals will gain insight into the technical realities that shape investigation timelines and capabilities.
Organisations that have not yet experienced a significant breach may find the session valuable for developing or refining their incident response plans. Those that have navigated previous incidents can benchmark their approaches against current best practices and identify opportunities for improvement.

