Incident Response in the Cloud
Moving from on-premises deployments to the cloud can offer incredible benefits to many organizations, including a plethora o…
Open-Source DFIR Made Easy: The Setup
A common challenge in the digital forensics and incident response (DFIR) community has been creating a DFIR toolkit that is …
Memory Acquisition and Virtual Secure Mode
Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows 10 and Server 2016, Microsoft add…
An Academic’s View to Incident Response
Here is a talk by Martin Schmiedecker from SHA2017 on incident response: SHA2017 is a non profit outdoor Hacker camp/confere…
FLARE VM – a fully customizable, Windows-based security distribution for malware analysis
FLARE VM is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration t…
Detecting Lateral Movement through Tracking Event Logs
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) presented an 80-page guide on how to detect lateral m…
An Introduction to VolUtility
Basil Alawi S.Taher has posted a nice overview of how to start using VolUtility – a web frontend for Volatility framew…
Windows IR made easier and faster – Find the head of the snake using AutoRuns, Large Registry Keys, Logs, IP/WhoIs and Netflow
Windows systems are still king of the desktop and server operating systems, thus the #1 target of hackers, malware, ransomwa…
WannaCry Ransomware – Incident Response Playbook
This response plan includes steps to contain the threat, hunt for existing infections, and remediation. Following is a list …
Ten Ways to Prepare for Incident Response
McAfee has published a white paper by Jim Olmstead, Senior Consultant, Incident Response and Forensic Practice Foundstone® S…
