Enterprise DFIR: How to conduct a forensic investigation of a compromised employee workstation
- Published on 1 Jul 2024
- In this webinar we discuss best practices for investigating a compromised workstation within an enterprise environment, following the industry-standard NIST incident response lifecycle and forensic analysis process.
How do you become an expert?
* If you are looking to boost your skills and become an expert in detecting, analyzing and responding to cyber security threats, our Blue Team Master Program helps you jump ahead in your career: bluecapesecurity.com/cyber-se...
* You should also check out our affordable Practical Windows Forensics course, featured on @TCMSecurityAcademy with over 1000 students to date: bluecapesecurity.com/courses/...
Agenda:
0:00 - Introduction
4:22 - Why This Presentation
6:19 - Scenario Introduction
11:06 - Detection & Analysis
18:16 - Containment and IOCs
21:27 - Forensic Analysis Process
29:26 - Data Collection Options
37:23 - Remediation
39:36 - Post-Incident
41:08 - DFIR Recommendations
44:12 - DFIR Training Process
47:30 - Blue Team Master Coaching
51:10 - Q&A
We begin by discussing initial triage activities as well as containment considerations, including an overview of the pyramid of pain. The scenario also highlights one of the most important areas for a successful DFIR engagement: establishing and following a proper data collection approach, whether we are dealing with a physical workstation or a virtual workstation in the cloud.
We also discuss which forensic artifacts to collect from a Windows system for further analysis. Lastly, successful remediation and post-incident activities are pointed out.
After the scenario, we highlight some of the most important areas that every DFIR professional should consider improving on. This includes investing in yourself to gain skills and become an expert. You will see the stages that every professional goes through (Beginner - Practitioner - Expert) and the challenges they face at each stage.
Follow us:
Discord: / discord
Twitter: / bluecapesec
LinkedIn: / bluecapesecurity
www.bluecapesecurity.com - Cyber Security Training and Coaching - Science & Technology
Do more practical videos related to incident response with different scenarios.
In the GMS switch the “Program” to Analog app 1 TE
Is detection engineering part of DFIR?