Day 4 – Excerpt from Chapter 4 – User Causality in the context of DFIR

Day 4 - Excerpt from my newly released book, "Diving In - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn", which you can get your copy of here -> https://www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "User causality in the context of Digital Forensics science refers to the relationship between a user's actions (cause) and the resulting impact on a digital system (effect), which fundamentally underpins Locard’s Exchange Principle. Understanding this cause-and-effect relationship is…
Day 2 – Excerpt from “Diving In” Book by Devon Ackerman

Day 2 - Excerpt from the second chapter of my brand new #book, "#DivingIn - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn" which can be viewed and purchased here! "#Forensic examiners must be able to defensibly recover/extract relevant #evidence, preserve it, and present findings in a manner that it can be legally used in the identification and #attribution of #cybercrime. This includes being able to articulate…
Diving In – An Incident Responder’s Journey – An Excerpt

Excerpt from the opening chapter of my new #book, Diving In - An Incident Responder's Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn, which can be purchased here. "Digital Forensics and Incident Response (#DFIR) are two essential areas of investigative and reactive cybersecurity that aim to protect individuals, governments, and organizations of all sizes and complexity from ever-present, ever-evolving cyber threats. Legal counsel and cyber insurance carriers are often called upon…
Diving In – An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn

Digital Forensic science, commonly referred to as digital or computer forensics, is the branch of forensic science that deals with the collection, analysis, and preservation of digital data — evidence of something that has occurred. It involves the investigative use of specialized tools and techniques to defensibly extract and analyze data from a ubiquitous and continually growing array of computers, tablets, servers, smartphones, smartwatches, network devices, Internet of Things (IOT), etc. If it powers on…

InfoSec News Nuggets 05/12/2023

Australian software giant won’t say if customers affected by hack

Australian enterprise software company TechnologyOne has halted trading after confirming it was hit by a cyberattack. In a stock exchange filing on Wednesday, the Brisbane-based software maker said it had detected that “an unauthorized third-party acted illegally to access its internal Microsoft 365 back-office system.” TechnologyOne said the company’s customer-facing platform is not connected to the affected Microsoft 365 system and “therefore has not been impacted,” but when reached, the company would…

InfoSec News Nuggets 05/11/2023

Hackers attempt to extort Dragos and its executives in suspected ransomware attempt

Unknown hackers attempted to infiltrate Dragos, one of the leading industrial cybersecurity firms that works with government agencies and utilities globally, in an unsuccessful campaign that targeted the company’s executives and their family members, the firm said on Wednesday. “We are confident that our layered security controls prevented the threat actor from accomplishing what we believe to be their primary objective of launching ransomware,”…

The Effect of Ransomware After The Investigation

Ransomware. It’s a word that has become interwoven into the fabric of global corporate, business and legal vernacular. The threat is briefed to executive leadership teams during security update calls and to boards of directors during quarterly earnings calls. Its risks are part of mergers and acquisitions (M&A) strategy planning and are specifically identified in cyber insurance coverage policies with exclusions and sub-limits. And an entire industry exists around threat intelligence, in which the proverbial…

Blue Team Field Manual (BTFM)

Blue Team Field Manual (BTFM) is a Cyber Security Incident Response Guide that aligns with the NIST Cybersecurity Framework consisting of the five core functions of Identify, Protect, Detect, Respond, and Recover by providing the tactical steps to follow and commands to use when preparing for, working through and recovering from a Cyber Security Incident.

Intelligence-driven Incident Response

Threat intelligence—understanding the who, why, and how of attacks—is most valuable when applied directly to an organization’s incident response capability for hunting and investigation. Threat intelligence has become more common and important in recent years. However, many professionals want a better understanding of how to apply this intelligence within their operations and organizations. This book explains the fundamentals of intelligence analysis and the best ways to apply it to your incident response function.

Digital Forensics and Incident Response – Second Edition

Build your organization's cyber defense system by effectively implementing digital forensics and incident management techniques.

Key Features
- Create a solid incident response framework and manage cyber incidents effectively
- Perform malware analysis for effective incident response
- Explore real-life scenarios that effectively use threat intelligence and modeling techniques

Book Description
An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition…

A Conversation about Transitioning to Incident Response

In working on AboutDFIR the last couple months, I’ve come to learn that while digital forensics and incident response share some basic foundational knowledge, they are widely different in practice. I’ve taken SANS FOR500: Windows Forensic Analysis and have been reading the recent articles about vulnerabilities, and have to say it’s been a series of eye-openers, especially coming from a law enforcement digital forensic background, as to how evidence and analysis can differ depending on…

SOF-ELK and Integration with KAPE

Amazing how fast time flies when you're juggling so much during the trying times we all have faced since 2020! At the time of publishing this article, we are all still facing a lot of uncertainties. I hope time has been gracious to you all...and continues to be!

Why this post?

As we push through some very trying times in the Digital Forensic and Incident Response world, there are two things I've experienced…

I want to see your Resume!

Do you know of someone just graduating with their college degree in #DFIR or #CyberSecurity or #security looking for their first job? I am interested! Send me a resume -> devon.ackerman@kroll.com with Resume in the subject line. Tag your friends, tag your colleagues.

Threat Hunting for Non-Threat Hunters

Posted by MIKE ART REBULTAN at https://www.peerlyst.com/posts/threat-hunting-for-non-hunters-mike-art-rebultan-mit-ceh-ecsa. Threat hunting is a proactive task with an assumption that your organization has already been breached and you want to beat the average “dwell time” of 256 days; at least for me as a DFIR practitioner. And this is usually done with the help of different tools that we call “arsenals”: SIEM (security information and event management) and EDR (endpoint detection and response), mostly. However, security is not…