Blue Team Field Manual (BTFM)

Blue Team Field Manual (BTFM) is a Cyber Security Incident Response Guide that aligns with the NIST Cybersecurity Framework consisting of the five core functions of Identify, Protect, Detect, Respond, and Recover by providing the tactical steps to follow and commands to use when preparing for, working through and recovering from a Cyber Security Incident.
Read More

Intelligence-driven Incident Response

Threat intelligence—understanding the who, why, and how of attacks—is most valuable when applied directly to an organization’s incident response capability for hunting and investigation. Threat intelligence has become more common and important in recent years. However, many professionals want a better understanding of how to apply this intelligence within their operations and organizations. This book explains the fundamentals of intelligence analysis and the best ways to apply it to your incident response function.
Read More

Digital Forensics and Incident Response – Second Edition

Build your organization's cyber defense system by effectively implementing digital forensics and incident management techniques Key Features Create a solid incident response framework and manage cyber incidents effectively Perform malware analysis for effective incident response Explore real-life scenarios that effectively use threat intelligence and modeling techniques Book Description An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition…
Read More

A Conversation about Transitioning to Incident Response

In working on AboutDFIR the last couple months, I’ve come to learn that while digital forensics and incident response share some basic foundational knowledge, they are widely different in practice. I’ve taken SANS FOR500: Windows Forensic Analysis and have been reading the recent articles about vulnerabilities, and have to say it’s been a series of eye-openers, especially coming from a law enforcement digital forensic background, as to how evidence and analysis can differ depending on…
Read More

SOF-ELK and Integration with KAPE

Archer: FX  Amazing how fast time flies when you're juggling so much during the trying times we all have since 2020! At at the time of publishing this article, we are all still facing a lot of uncertainties. I hope time has been gracious to you all...and continues to be!  Why this post?  As we push through some very trying times in the Digital Forensic and Incident Response world, there are two things I've experienced…
Read More

I want to see your Resume!

Do you know of someone just graduating with their college degree in #DFIR or #CyberSecurity or #security looking for their first job? I am interested! Send me a resume -> devon.ackerman@kroll.com with Resume in the subject line. Tag your friends, tag your colleagues.
Read More

Threat Hunting for Non-Threat Hunters

Posted by MIKE ART REBULTAN at https://www.peerlyst.com/posts/threat-hunting-for-non-hunters-mike-art-rebultan-mit-ceh-ecsa. Threat hunting is a proactive task with an assumption that your organization has already been breached and you wanted to beat the average “dwell time” of 256 days; at least for me as a DFIR practitioner. And this is usually done with the help of different tools that we call “arsenals”; SIEM (security information and event management) and EDR (endpoint detection and response) mostly. However, security is not…
Read More