New Forensic Resource
What to do after you find TeamViewer:
→ Log files to find activity details
→ Executables to find installation times
→ Domains to find download source
Learn how to corroborate timelines to investigate suspicious TeamViewer.
www.cybertriage.com/blog/dfir-ne...
This week's Defender Fridays features @carrier4n6.bsky.social, CEO of Sleuth Kit Labs, discussing EDR, DFIR and Endpoint Triage. Perfect for security professionals at any level looking to enhance their endpoint investigation skills. Register here: limacharlie.io/defender-fri... #cybersecurity
Webinar Tomorrow - Automation and AI in DFIR and the SOC. Myself, Sentinel1, and CompassMSP will talk about pros/cons of automating DFIR and SOC tasks. Come tell us we're wrong! May 8. 11AM Eastern. register.gotowebinar.com/register/672...
Digital forensics has always relied on automation and "push buttons". What's changed is how many things we automate and the technologies used. No one ever chose to manually parse FAT12 floppy drives with a hex editor when they could have a tool list out the file names.
EDR Evasion 101 - Blocking
Data needs to get to the EDR server to be analyzed for attacks. Blocking techniques prevent data from getting to the server. Example: Network filter to block packets destined to the server.
www.cybertriage.com/edr_evasion
#DFIR Automation Series
I use 4 levels of automation ranging from none to fully automated. I think an ideal solution is to use full automation for low risk decisions. And recommendations for higher risk. We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.
I'm super excited for this webinar. Sid is a super smart AI / LLM guy and it will be a good session to learn how to use AI in #DFIR and what's hype. We'll also show Cyber Triage hooked up to an LLM so that you can query artifacts.
Automation is when the tool does the next step for you. That doesn't mean it does the final step and concludes the investigation. Just a bunch of the needed steps in between. Automation still requires an investigator who asks the right questions and can understand context.