What’s in my DFIR toolbox? | 2023
You know what they say, sharing is caring. So, I recently got a new system and had to get my usual tools back on the system. I figured this would be a great time to share with you all the tools I default to and why I use them. If you work in DFIR, I …
Investigation Framework | Part 7 – Reporting
Investigation Framework series: Incident Scoping | Evidence Collection | Analysis | Correlation | Timeline Analysis | Intelligence Correlation | Reporting
Reporting. We finally made it, we are at the bitter end. Speaking of bitter, we are going to talk about the most dreaded part of an investigation, the report. It could be argued that reporting is perhaps the most important part of …
Investigation Framework | Part 6 – Intelligence Correlation
Intelligence Correlation. There’s one last piece of “analysis” left to do with your evidence. It’s time to take what you know and look for any similarities to known intelligence. The best way to summarize this section is “Find out if anyone else …
Investigation Framework | Part 5 – Timeline Analysis
Timeline Analysis. We’re past the halfway point! Even if you think you covered everything with your analysis and correlation, sometimes you need to put things together to see the bigger picture. Here we will cover creating potentially the most important aspect of …
Investigation Framework | Part 4 – Correlation
Correlation. Welcome back, hopefully you’ve had a chance to take a break and refill your caffeine of choice. Findings only provide half the answer when dealing with investigations. As an analyst, your job is not only to discover findings but to also …
Investigation Framework | Part 3 – Analysis
Analysis. Now we’re in the good stuff! We got an incident, we’ve scoped it perfectly and collected evidence to start our analysis. If you know the theme by now, say it loud: “DON’T JUST JUMP IN”. Part of analysis is also organizing your …
Investigation Framework | Part 2 – Evidence Collection
Evidence Collection. Firstly, we need to understand the goal. The goal is simple, we need to preserve and prepare evidence for analysis. DISCLAIMER: In some cases, you may need to preserve evidence for a legal investigation. I will go on the record …
Investigation Framework | Part 1 – Scoping
When I started in infosec, I realized that I had absolutely no clue how to “investigate”. Think about how many folks out there are working in cybersecurity roles but never received training on how to investigate something. Most of the time we tend to “jump in” until something sticks out to us, but that makes …
Choosing an “InfoSec” Laptop
Luckily there are a ton of resources for commonly used information security software and tools, but I still sometimes have a hard time finding recommendations for what you should have physically. First of all, you don’t have to work in DFIR to follow this; it’ll be more specific to DFIR but should fit most security …
Phishing is never going away, learn to fight it
Background. Even today, in the wonderful world of 2022, phishing is still dominating the security landscape. This is not a surprise to anyone working in InfoSec or IT. In fact, most people know what phishing is whether they work within an enterprise or not. I think everyone I have talked to has seen and/or clicked …