Responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
Work role IN-FOR-002: Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation. Example KSA, A0005: Ability to decrypt digital data collections.
Getting started in DFIR
Introduction to DFIR
One of my favorite things is talking to students and people new to the security field. It feels like yesterday I was wandering around the first Shmoocon as a student in awe of the people I met and the work they were doing.
Building your lab or a test environment
Summit Route - Iterative Defense Architecture
I recently discussed Iterative Defense and the Intruder's Dilemma to introduce the concept of the benefits of a feedback loop in defense. This post describes at a high-level what that architecture looks like and provides an example that we'll work towards in future posts. My goal is to move from the theoretical to an actual implementation.
Learning DFIR common tools and techniques
13Cubed is a side project maintained by me, Richard Davis. This channel covers information security-related topics including Digital Forensics and Incident R...
Episode 1: Let's learn in bite sized chunks - 3MinMax Series is born!
The SANS 3MinMax series with Kevin Ripa is designed around short, three-minute presentations on a variety of topics from within Digital Forensics, Incident R...
Learning adversary tactics
SpecterOps recently decommissioned our PowerShell course and rather than letting it collect dust, we wanted to offer it up to the community for free in the spirit of our commitment to transparency. We are extremely grateful for all of our students who were able to attend the course in person.
Being ready for the cloud
Brought to you by Scott Piper of Summit Route, an independent AWS security consultant. Welcome to the flAWS 2 challenge! Similar to the original flAWS.cloud (also created by Summit Route), this game/tutorial teaches you AWS (Amazon Web Services) security concepts. The challenges are focused on AWS specific issues, so no buffer overflows, XSS, etc.
In the Defender path, that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened. You'll get access to logs of a previous successful attack. As a Defender you'll learn the power of jq in analyzing logs, and get instructions on how to set up Athena in your own environment.
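The Defender path of flAWS 2 has you pull an attacker's story out of CloudTrail with jq: who made which API calls, from where, and which calls were denied. The script below is an added example, not code from flAWS 2, Summit Route or the original page, and it does the same triage in stand-alone Python so it runs without jq or Athena. The events are constructed (the account ID, role name and IP addresses are made up); the field names are the standard CloudTrail ones. The "trusted" 10.0.0.0/8 range is an assumption standing in for the victim's VPC.

```python
"""Triage a CloudTrail export: calls per principal, denied calls, per-principal
timeline, and calls from outside a trusted network. Added example, not flAWS 2 code."""
import ipaddress
import json
from collections import Counter, defaultdict

# Assumed ARN of the application's role, used in the constructed events below.
APP_ROLE_ARN = "arn:aws:sts::123456789012:assumed-role/app-role/i-0abc"
ADMIN_ARN = "arn:aws:iam::123456789012:user/admin"

# Constructed sample export in CloudTrail's {"Records": [...]} layout. These are
# made-up events, not logs from flAWS 2 or any real account.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2020-01-01T10:00:01Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "AssumedRole", "arn": APP_ROLE_ARN}},
    {"eventTime": "2020-01-01T10:00:07Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.5",
     "errorCode": "AccessDenied", "errorMessage": "Access Denied",
     "userIdentity": {"type": "AssumedRole", "arn": APP_ROLE_ARN}},
    {"eventTime": "2020-01-01T10:00:09Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListObjects", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "AssumedRole", "arn": APP_ROLE_ARN}},
    {"eventTime": "2020-01-01T10:02:30Z", "eventSource": "ecr.amazonaws.com",
     "eventName": "BatchGetImage", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "AssumedRole", "arn": APP_ROLE_ARN}},
    {"eventTime": "2020-01-01T11:15:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "10.0.1.20",
     "userIdentity": {"type": "IAMUser", "arn": ADMIN_ARN}},
]})


def load_records(text):
    """Parse a CloudTrail export (jq equivalent: '.Records[]')."""
    return json.loads(text)["Records"]


def principal(rec):
    """Identity behind a call; CloudTrail puts it under userIdentity.arn."""
    return rec.get("userIdentity", {}).get("arn", "<unknown>")


def calls_per_principal(records):
    """How many calls each identity made (jq: 'group_by(.userIdentity.arn)')."""
    return Counter(principal(r) for r in records)


def denied_calls(records):
    """Failed calls. An attacker probing permissions leaves errorCode entries behind."""
    return [(r["eventTime"], principal(r), r["eventName"], r["errorCode"])
            for r in records if "errorCode" in r]


def timeline(records, arn):
    """Ordered (time, service, action) for one principal: the skeleton of the incident narrative."""
    return sorted((r["eventTime"], r["eventSource"].split(".")[0], r["eventName"])
                  for r in records if principal(r) == arn)


def calls_from_outside(records, trusted_networks=("10.0.0.0/8",)):
    """Principals that called the API from outside the trusted ranges, with the IPs seen.
    The default range is an assumption standing in for the victim's VPC."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    outside = defaultdict(set)
    for r in records:
        ip = ipaddress.ip_address(r["sourceIPAddress"])
        if not any(ip in n for n in nets):
            outside[principal(r)].add(r["sourceIPAddress"])
    return {arn: sorted(ips) for arn, ips in outside.items()}


if __name__ == "__main__":
    recs = load_records(SAMPLE_CLOUDTRAIL)
    print("calls per principal:", dict(calls_per_principal(recs)))
    print("denied calls:", denied_calls(recs))
    for t, svc, action in timeline(recs, APP_ROLE_ARN):
        print(t, svc, action)
    print("callers outside trusted networks:", calls_from_outside(recs))
```

The role that was never denied anything from inside the VPC but suddenly enumerates S3 and ECR from an external address is the thread to pull on; the timeline function gives you the order in which to pull it.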
Attack Detection Fundamentals: Initial Access - Lab #1
In the first part of F-Secure Consulting's Attack Detection Workshop series, covering Initial Access, we explored a number of offensive techniques for obtaining a foothold within a target environment through the creation and successful delivery of malicious documents (also known as maldocs).
LetsDefend Blue Team Academy
Blue team training content for building defensive cybersecurity skills.
Training with real-world exercises
OpenSOC - Network Defense Simulation
Best of all, a key motivation behind OpenSOC is demonstrating how powerful open-source tools can be for Security Operations. Every single security system in OpenSOC's virtual enterprise is an open-source platform. That's right, everything: firewalls, SIEM, log aggregation, IDS/IPS, HIDS, anti-virus, honeypots, mail filtering, etc.
Malware analysis training
How You Can Start Learning Malware Analysis
Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. You can get into this field by building upon your existing skills in any of these disciplines. As someone who's helped thousands of security professionals learn how to analyze malware at SANS Institute, I have a few tips for how you can get started.
Introduction to Malware Analysis and Reverse Engineering
CS6038/CS5138 Malware Analysis, Department of Electrical Engineering and Computing Systems, College of Engineering and Applied Science, University of Cincinnati. Meets every Tue/Thu in 3210 RECCENTER, 4:00PM-5:20PM. This class introduces CS graduate students to malware concepts, malware analysis, and black-box reverse engineering techniques.
Existing curated collection of resources
From the most to the least curated
ENISA CSIRT training material was introduced in 2008. In 2012, 2013 and 2014 it was complemented with new exercise scenarios containing essential material for success in the CSIRT community and in the field of information security. In these pages you will find the ENISA CSIRT training material, containing Handbooks for teachers, Toolsets for students and Virtual Images to support hands on training sessions.
This is a list of over 100 free DFIR and Cybersecurity related training courses and resources that I've heard of. When I was trying to get into the field, there was so much I wanted to learn, but I couldn't afford training.
Home - AboutDFIR - The Definitive Compendium Project
Looking to add your DFIR or related resource to the AboutDFIR.com Definitive Compendium project? Use the site's submission pages to have your resource added; a single form covers research ideas, resource submissions, and site feedback.
A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams. Digital Forensics and Incident Response (DFIR) teams are groups of people in an organization responsible for managing the response to a security incident, including gathering evidence of the incident, remediating its effects, and implementing controls to prevent the incident from recurring in the future.
Curated list of awesome free (mostly open source) forensic analysis tools and resources.