Category: Digital Forensics Incident Response
Computer forensics, network forensics, small device forensics, and other forms of digital and computer-based forensics, along with associated investigative considerations.
FireEye becomes Solarwinds
Rather than throw more ink on the evolving story of the recent breaches of two security companies, the goal of this short piece is to give actionable insight into things you can do when recovering from a vendor exposure. As expected,…
Incident Response to the FireEye Tool Exposure
There will be a lot of ink spilled on this topic. My only goal with this simple write-up is to provide actionable objectives. As such, we’re going to begin with a few things to start the conversation.…
Incident response: Puzzle pieces and misadventure
The blinds were drawn, a glass of water sat sweating in the humidity, and as I looked around the room some very distraught men in suits looked back at me. The middle of a Midwest summer I had just climbed…
Research note: Security testing through forensic resistance
Senate Intelligence Committee hearing on Russia election interference
Attribution of cyber adversaries
Key Points: Attribution has three distinct layers: political, technical, and forensic, each with different confidence levels and analysis strategies. Adversaries must interact with systems to exploit them, and this creates evidence or anomalies that can be used for attribution…
Hiring military leaders off the street
Lots of snark talk from the military types out there. I understand it, but don’t have to agree with it. Over the weekend Military Times put out an article that above the fold states: Defense Secretary Ash Carter wants to…
Digital forensic books
A non-comprehensive reading list. Some of these are new, some are old, but they give a good overview of the discipline. If the book has exercises it is a good idea to do them. Operating System and Platform…
Levels of attribution
Research Note: Investigating a breach
Many people are talking about the attribution of the Sony hack. Was it or was it not North Korea? I do not care. I thought I would talk about a couple of things in driving towards attribution and analysis of…
UCF: Digital forensics in the age of the Internet of things: Challenges and opportunities
Abstract: The term “Internet of things” has different meaning to each of the constituent communities building services and devices. One community though is having to rapidly evolve and that is the digital forensics and incident response community. Whether it is…
Strategic incident response to increase information security after breaches
Another day, another breach, and more credit cards are on the open market. I’m not sure what the thieves are going to be doing with the credit cards at this point but let’s take a look at where we are…
SecureWorld 2014, Digital forensics and the Internet of things
Slides as promised. This is a redacted slide deck due to the sensitive nature of some of the data. The presentation is meant to be about 2 hours long, but was 45 minutes at SecureWorld in Indianapolis. If you want…
CERIAS Seminar slides, West Lafayette Indiana
Slides as promised. This is an expanded slide deck of a previous presentation. Still got about two dozen that haven’t made it out front yet 🙂 Threat Intelligence and Digital Forensics (pdf)