Incident Response Basics: Getting started with DFIR

by Travis Smith on October 22, 2018

The digital world has borrowed terminology and principles from the kinetic world for decades. We’ve all heard of an upcoming cyber war fought with cyber bullets and spawned by a digital Pearl Harbor. We have gangs as well as cyber-gangs, criminals as well as cyber criminals. The reason there are so many comparisons is that there are a lot of parallels between the digital and physical worlds around us.

One of the most fascinating areas of information security to me is digital forensics and incident response, or DFIR. Understanding how an attack took place and piecing together the puzzle with the scattered pieces is a difficult challenge, especially when some or all of the pieces may be missing.

Years ago, a mentor of mine told me about Locard’s Exchange Principle: a criminal always brings something to a crime scene and takes something away from it.

For the digital world, Locard’s principle holds just as well. An attacker coming in is going to introduce change and leave behind modified files, new services, audit log entries and any number of other artifacts. Even the best attackers who clean up their tracks are still going to leave some trace evidence behind.

The challenge for incident responders is to find those traces in order to piece together a picture of what might have happened on the systems they are investigating. While pulling memory from an endpoint and analyzing it with a tool such as Volatility is comprehensive, gathering memory from multiple machines across an enterprise can become a lengthy and costly process.

Before doing costly incident response procedures such as memory analysis, you should first determine which systems actually require that level of analysis. Live disk analysis of a system can help decide which systems to take memory from. When doing a (Read more...)
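As an added example (not code from the original post), here is a small Python triage that applies the argument above: diff each host’s disk artifacts against a known-good baseline and let the number of traces left behind decide where memory acquisition is worth the cost. Host names, paths, hashes, service names and the scoring weights are all constructed for illustration.

```python
"""Disk-artifact triage: decide which hosts merit costly memory acquisition.
Added example, not code from the original post. Each host's live disk snapshot
is diffed against a known-good baseline; the more Locard-style traces it shows
(changed files, new services, service-install audit events), the higher its
triage score. All snapshots here are constructed sample data, not real hosts."""
from dataclasses import dataclass

WEIGHTS = {"changed_files": 1, "new_services": 3, "new_audit_events": 2}  # illustrative
MEMORY_THRESHOLD = 4  # score at or above this -> acquire memory from the host

@dataclass(frozen=True)
class Snapshot:
    files: dict              # path -> content hash (constructed, truncated)
    services: frozenset      # installed service names
    audit_events: frozenset  # e.g. "service installed: <name>"

@dataclass
class Triage:
    host: str
    changed_files: list
    new_services: list
    new_audit_events: list

    @property
    def score(self) -> int:
        return sum(len(getattr(self, k)) * w for k, w in WEIGHTS.items())
    @property
    def collect_memory(self) -> bool:
        return self.score >= MEMORY_THRESHOLD

def triage_host(host: str, baseline: Snapshot, live: Snapshot) -> Triage:
    """Diff a live snapshot against its baseline and collect the traces left behind."""
    changed = sorted(p for p, h in live.files.items() if baseline.files.get(p) != h)
    return Triage(host, changed, sorted(live.services - baseline.services),
                  sorted(live.audit_events - baseline.audit_events))

def prioritise(baselines: dict, lives: dict) -> list:
    """Triage every host; highest score first so responders know where to start."""
    return sorted((triage_host(h, baselines[h], lives[h]) for h in lives),
                  key=lambda t: (-t.score, t.host))

# Constructed sample: ws-02 gained a service plus its audit event; ws-01 only a binary update.
BASE = Snapshot({"/usr/bin/curl": "a1", "/etc/crontab": "b2"}, frozenset({"sshd", "cron"}), frozenset())
BASELINE = {"ws-01": BASE, "ws-02": BASE}
LIVE = {
    "ws-01": Snapshot({"/usr/bin/curl": "a9", "/etc/crontab": "b2"}, frozenset({"sshd", "cron"}), frozenset()),
    "ws-02": Snapshot({"/usr/bin/curl": "a1", "/etc/crontab": "c7"}, frozenset({"sshd", "cron", "updsvc"}),
                      frozenset({"service installed: updsvc"})),
}
```

Running `prioritise(BASELINE, LIVE)` puts ws-02 first with a score of 6 (memory acquisition recommended) and ws-01 last with a score of 1, so only one of the two hosts needs the expensive memory capture.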

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/incident-detection/incident-response-dfir/

October 22, 2018 (updated October 23, 2018) | Travis Smith | Tags: DFIR, Digital Forensics, Featured Articles, Incident Detection, Incident Response