Digital forensics and incident response (DFIR)

DFIR integrates Digital forensics, the investigation of cyberthreats to gather digital evidence for litigating criminals; and incident response, the detection and mitigation of cyberattacks in progress. Though DFIR is traditionally a reactive security function, tooling and advanced technology such as artificial intelligence (AI) and machine learning (ML), have enabled some organisations to leverage DFIR activity to influence and inform preventative measures. In such cases, making it a component within a proactive security strategy.

Forever in progress ...



CyberDefenders challenges




Books