Dear Blue Team: Forensic Advice to Non-Forensic Professionals to Supercharge Organization DFIR

In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics and Incident Response (DFIR). Most DFIR talks and advice discuss what to do once an incident has occurred. Instead, this talk provides Security Architects, System Administrators, SOC teams, and management with new techniques and advice to supercharge their IR capabilities by preemptively collecting forensic evidence as a baseline. The content provided in this presentation goes beyond the age-old advice of verbose logging and asset inventories. It will promote a cooperative relationship between DFIR and the rest of the “Blue Team.” During this presentation, blue teamers and management will be armed with actionable advice on how to preemptively capture artifacts as baselines BEFORE anything ever happens and on the actions to take WHEN something happens.