Learning to ADAPT | Framework for analyzing any evidence in IR
I did a few talks covering "Analysis without Paralysis" over the past year, and every time I finished I immediately thought I need to get this documented. Well, today I've taken the first step. I've always struggled to learn and teach others how to analyze and think through an investigation. You have likely seen several …
Why Learning Through Books is Key in Cybersecurity
If you're diving into cybersecurity, remember: you're always learning! Books, despite some hesitations, are key to that journey. They offer depth and context, unlike quick online content. While there are duds out there, many great reads can supercharge your skills. So, don’t overlook them! Happy reading!
The Power of Storytelling in IT and Cybersecurity
One skill I never expected to learn as I grew into a security practitioner is the Art of Storytelling. When you first hear about telling a story, you may think about children’s storybooks or fiction novels. However, stories exist in EVERYTHING; they just require some intention. Storytelling isn’t always about creating one, but rather finding the …
Chaos to Clarity: Why Triage is Not Optional
As someone who works, lives and breathes in the world of Digital Forensics and Incident Response (DFIR), there is one skill that I think is often overlooked. Triage. It is a step we often forget since we want to jump straight into forensic analysis. However, skipping triage often means you have no idea where to …
Where does macOS fit into DFIR?
Isn’t Windows DFIR enough? If you work in Digital Forensics and Incident Response (DFIR) or even just read about it on the side, you know Windows DOMINATES the field. Windows is still king when it comes to organizational/business use. Therefore, more Windows systems are being targeted and hacked by these pesky adversaries. So, don’t get …
Get Good at Documentation
PLAN IT
Figure out what you need to do
Firstly, the idea of documenting something is far easier when you are actively trying something. Don’t wait until the task is finished, since you will forget a lot of what you've done. Another great way to start is to test …
What’s in my DFIR toolbox? | 2023
You know what they say: sharing is caring. So, I recently got a new system and had to get my usual tools back on the system. I figured this would be a great time to share with you all the tools I default to and why I use them. If you work in DFIR, I …
Investigation Framework | Part 7 – Reporting
Investigation Framework series: Incident Scoping, Evidence Collection, Analysis Correlation, Timeline Analysis, Intelligence Correlation, Reporting
Reporting
We finally made it, we are at the bitter end. Speaking of bitter, we are going to talk about the most dreaded part of an investigation, the report. It could be argued that reporting is perhaps the most important part of …
Investigation Framework | Part 6 – Intelligence Correlation
Intelligence Correlation
There’s one last piece of “analysis” left to do with your evidence. It’s time to take what you know and look for any similarities to known intelligence. The best way to summarize this section is “Find out if anyone else …
Investigation Framework | Part 5 – Timeline Analysis
Timeline Analysis
We’re past the halfway point! Even if you think you covered everything with your analysis and correlation, sometimes you need to put things together to see the bigger picture. Here we will cover creating potentially the most important aspect of …