Introduction to Digital Forensics and Incident Response | TryHackMe DFIR (video uploaded to YouTube)
This video provides an introduction to DFIR (Digital Forensics and Incident Response) and covers its definition, process, key concepts, tools, and a practical example of investigating a security breach. The video also covers the walkthrough of the TryHackMe DFIR room.

Receive Cyber Security Field Notes and Special Training Videos: / @motasemhamdan

Writeup: https://buymeacoffee.com/notescatalog...
TryHackMe DFIR: https://tryhackme.com/room/introducto...
Store: https://buymeacoffee.com/notescatalog...
Patreon: / motasemhamdan
LinkedIn [1]: / motasem-hamdan-7673289b
LinkedIn [2]: / motasem-eldad-ha-bb42481b2
Instagram: / motasem.hamdan.official
Google Profile: https://maps.app.goo.gl/eLotQQb7Dm6ai...
Twitter: / manmotasem
Facebook: / motasemhamdantty

Chapters:
00:00 - Introduction to DFIR
00:04 - What is DFIR?
00:13 - DFIR Breakdown: Digital Forensics & Incident Response
00:24 - Definition of DFIR
00:40 - Digital Forensics vs. Incident Response
01:02 - Example: Windows Machine Communicating with a C2 Server
01:36 - Understanding C2 Servers
02:11 - How Threat Intelligence Identifies C2 Servers
02:49 - Steps in the DFIR Process
03:21 - DFIR for Different Devices: Computers, Phones, Medical Devices
03:42 - Difference Between Digital Forensics & Incident Response
04:02 - Example of an Incident Response Workflow
04:55 - Collecting Evidence for DFIR
06:09 - Artifacts: Understanding Digital Evidence
07:05 - Preservation of Evidence and Hashing
08:01 - Chain of Custody in DFIR
08:46 - Order of Volatility in Evidence Collection
09:27 - Priority of Evidence: RAM vs. Disk
10:02 - Timeline Creation in Incident Response
10:32 - Documenting the DFIR Process
11:14 - Tools Used in DFIR
11:21 - Eric Zimmerman's Forensic Tools
11:47 - Autopsy and Windows Forensic Analysis
12:12 - Volatility Framework for Memory Forensics
12:39 - Redline and FireEye Tools
12:49 - Velociraptor for Endpoint Monitoring
13:03 - Steps in Incident Response
13:15 - SANS vs. NIST Incident Response Frameworks
13:36 - Overview of the NIST SP 800-61 Guidelines
14:06 - Incident Preparation Phase
14:48 - Identification and Detection of Incidents
15:28 - Containment Phase in Incident Response
16:02 - Isolating a Compromised Machine
16:30 - Eradication: Cleaning a Machine of Malware
16:48 - Recovery Phase: Restoring System State
17:23 - Lessons Learned and Post-Incident Activity
17:49 - Practical Incident Response Example
18:13 - Creating a Timeline of an Attack
18:44 - Identifying Malicious Alerts in a SIEM
19:07 - Detecting a Cobalt Strike Download Attempt
19:29 - Filtering Network Traffic for Malicious IPs
19:50 - SSH Brute Force Attack Discovery
20:38 - Identifying Failed and Successful Login Attempts
21:20 - Analyzing System Logs for Malicious Activity
22:00 - Conclusion and Final Thoughts
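The chapters on SSH brute-force discovery, separating failed from successful logins, and building an attack timeline (18:13, 19:50, 20:38, 21:20) describe the analysis an incident responder runs over the host's authentication log. The following is an added worked example and is not code from the video, the TryHackMe room, or the channel: it parses constructed sshd lines in classic syslog format, flags a source IP that produces five or more failures inside a five-minute window (both thresholds are assumptions chosen for the sample), reports whether an accepted login from that IP followed the burst, and emits a timeline restricted to the flagged sources. Syslog lines carry no year, so the parser takes one as a parameter.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not captured from any real system).
# 203.0.113.45 hammers root/admin and then gets in; 198.51.100.7 is a
# legitimate user who mistypes once and then authenticates with a key.
SAMPLE_AUTH_LOG = """\
Mar 10 03:14:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar 10 03:14:03 web01 sshd[2233]: Failed password for invalid user admin from 203.0.113.45 port 51123 ssh2
Mar 10 03:14:05 web01 sshd[2235]: Failed password for root from 203.0.113.45 port 51124 ssh2
Mar 10 03:14:07 web01 sshd[2237]: Failed password for root from 203.0.113.45 port 51125 ssh2
Mar 10 03:14:09 web01 sshd[2239]: Failed password for root from 203.0.113.45 port 51126 ssh2
Mar 10 03:14:12 web01 sshd[2241]: Accepted password for root from 203.0.113.45 port 51127 ssh2
Mar 10 03:20:44 web01 sshd[2302]: Failed password for alice from 198.51.100.7 port 40011 ssh2
Mar 10 03:20:50 web01 sshd[2304]: Accepted publickey for alice from 198.51.100.7 port 40012 ssh2
"""

# Matches the "Accepted"/"Failed" lines sshd writes; "invalid user" is
# optional because sshd adds it only when the account does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_log(text, year=2024):
    """Parse sshd auth lines into event dicts. The year is an assumption
    supplied by the caller because syslog timestamps omit it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd/syslog lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "method": m["method"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def detect_brute_force(events, threshold=5, window_seconds=300):
    """Return {ip: finding} for sources with >= threshold failures inside a
    sliding window, noting whether a successful login followed the burst.
    A success after a burst is the signal that separates a noisy scan from
    an actual compromise that needs containment."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "Failed"]
        burst_end = None
        for i in range(len(fails)):
            j = i + threshold - 1
            if j < len(fails) and (fails[j]["ts"] - fails[i]["ts"]).total_seconds() <= window_seconds:
                burst_end = fails[j]["ts"]
                break
        if burst_end is None:
            continue
        successes = [e for e in evs if e["result"] == "Accepted" and e["ts"] >= burst_end]
        findings[ip] = {
            "failures": len(fails),
            "compromised": bool(successes),
            "success_user": successes[0]["user"] if successes else None,
            "success_time": successes[0]["ts"] if successes else None,
        }
    return findings


def build_timeline(events, ips):
    """Chronological one-line entries for the given source IPs, the raw
    material for the attack timeline in the incident report."""
    return [f"{e['ts']:%Y-%m-%d %H:%M:%S} {e['ip']} {e['result']} {e['method']} user={e['user']}"
            for e in sorted(events, key=lambda e: e["ts"]) if e["ip"] in ips]


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    found = detect_brute_force(evs)
    for ip, f in found.items():
        print(f"{ip}: {f['failures']} failures, compromised={f['compromised']}, "
              f"user={f['success_user']} at {f['success_time']}")
    print("\n".join(build_timeline(evs, found)))
```

On a real host the same functions can be pointed at `/var/log/auth.log` or the output of `journalctl -u ssh`; the thresholds should be tuned to the environment, and a flagged IP with a following success is the point at which the containment step (isolating the machine, revoking the session and credentials) from the video's workflow applies.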