Digital forensics and incident response (DFIR)
DFIR integrates digital forensics, the investigation of cyberthreats to gather digital evidence for prosecuting criminals, with incident response, the detection and mitigation of cyberattacks in progress. Though DFIR is traditionally a reactive security function, tooling and advanced technology such as artificial intelligence (AI) and machine learning (ML) have enabled some organisations to use DFIR activity to influence and inform preventative measures, making it a component of a proactive security strategy.
- Introduction
- A Windows server
- Organisation X desktop
- Standard Collector Analysis (Redline)
- IOC Search Collector (Redline)
- IOC Search Collector Analysis (Redline)
- Endpoint investigation (Redline)
- Leaking private company data (again) (Autopsy)
- Windows 10 disk image (Autopsy)
- Acceptable Use Policy violation (KAPE)
- BOB! THIS ISN’T A HORSE! (Volatility)
- That Kind of Hurt my Feelings (Volatility)
- Hunt for a nightmare (Volatility)
- Android malware analysis (Pithus and jadx)
- iOS forensics (SQLiteDB)