[throwbsidbdk]

You could hire a firm that specializes in this sort of thing, but it's going to be expensive. Look for the guys that build security tools, like a company that worked on metasploit or has submitted multiple bug bounties. I know some of the makers of anti virus software will investigate this kind of thing for a (steep) price.

Basic computer forensics needs a copy of the drive as unaltered as possible so you should start with that before running or installing anything. Basically don't run the server if you want to be able to get anything our of it.

If it's not a user data breach its par the course to reintsall and sweep it under the rug lol.

Next time make sure the server takes snapshots and dumps logs to an external place where they can't be deleted.