How to Conduct a Forensic Investigation

In this webinar we discuss best practices for investigating a compromised workstation within an enterprise environment, following the industry-standard NIST incident response lifecycle and forensic analysis process.

We begin by discussing initial triage activities and containment considerations, including an overview of the Pyramid of Pain.

The scenario also highlights one of the most important areas for a successful DFIR engagement: establishing and following a proper data collection approach, whether we are dealing with a physical workstation or a virtual one in the cloud.

We also discuss which forensic artifacts to collect from a Windows system for further analysis.

Lastly, we cover successful remediation and post-incident activities. After the scenario, we highlight some of the most important areas that every DFIR professional should consider improving on. This includes investing in yourself to gain skills and become an expert. You will see some of the stages that every professional goes through (Beginner – Practitioner – Expert) and the challenges they face.

Agenda

0:00 – Introduction
4:22 – Why This Presentation
6:19 – Scenario Introduction
11:06 – Detection & Analysis
18:16 – Containment and IOCs
21:27 – Forensic Analysis Process
29:26 – Data Collection Options
37:23 – Remediation
39:36 – Post-Incident
41:08 – DFIR Recommendations
44:12 – DFIR Training Process
47:30 – Blue Team Master Coaching
51:10 – Q&A

 
