Investigation Framework Incident Scoping Evidence Collection Analysis Correlation Timeline Analysis Intelligence Correlation Reporting Correlation Welcome back, hopefully you’ve had a chance to take a break and refill your caffeine of choice. Findings only provide half the answer when dealing with investigations. As an analyst, your job is not only to discover findings but to also … Continue reading Investigation Framework | Part 4 – Correlation
Investigation Framework | Part 3 – Analysis
Investigation Framework Incident Scoping Evidence Collection Analysis Correlation Timeline Analysis Intelligence Correlation Reporting Analysis Now we’re in the good stuff! We got an incident, we’ve scoped it perfectly and collected evidence to start our analysis. If you know the theme now, say it loud “DON’T JUST JUMP IN”. Part of analysis is also organizing your … Continue reading Investigation Framework | Part 3 – Analysis
Investigation Framework | Part 2 – Evidence Collection
Investigation Framework Incident Scoping Evidence Collection Analysis Correlation Timeline Analysis Intelligence Correlation Reporting Evidence Collection Firstly, we need to understand the goal. The goal is simple, we need to preserve and prepare evidence for analysis. DISCLAIMER: In some cases, you may need to preserve evidence for a legal investigation. I will go on the record … Continue reading Investigation Framework | Part 2 – Evidence Collection
Investigation Framework | Part 1 – Scoping
When I started in infosec, I realized that I had absolutely no clue how to “investigate”. Think about how many folks out there are working in cybersecurity roles but never received training on how to investigate something. Most of the time we tend to “jump in” until something sticks out to us, but that makes … Continue reading Investigation Framework | Part 1 – Scoping
Choosing an “InfoSec” Laptop
Luckily there are a ton of resources for commonly used information security software and tools, but I still sometimes have a hard time finding recommendations for what you should have physically. First of all, you don’t have to work in DFIR to follow this, it’ll be more specific to DFIR but should fit most security … Continue reading Choosing an “InfoSec” Laptop
Phishing is never going away, learn to fight it
Background Even today, in the wonderful world of 2022, phishing is still dominating the security landscape. This is not a surprise to anyone working in InfoSec or IT. In fact, most people know what phishing is whether they work within an enterprise or not. I think everyone I have talked to has seen and/or clicked … Continue reading Phishing is never going away, learn to fight it
Transitioning from Forensic Science to Digital Forensics
If you scroll down and look at the earliest content on this site you'll see a couple posts about forensic science. Truth is, when I was seriously considering a career I was hyper focused on becoming a forensic scientist. Either a crime scene tech, state crime lab, or for an forensic science research organization. I … Continue reading Transitioning from Forensic Science to Digital Forensics
Blood Splatter vs. Blood Spatter
Perhaps, my favorite subject in all of Forensic Science. It's about analyzing the trajectory, size, and pattern of blood, but what is it called? Everyone who has studied the topic knows there is a debate on whether it is called Blood Splatter Analysis or Blood Spatter Analysis. Both words make sense in general. So let's … Continue reading Blood Splatter vs. Blood Spatter
CSI vs. Reality
How accurate are TV Shows like CSI?
ChocolateCoat4N6 