Intro to DFIR: The Divide & Conquer process

Training

Event Type: Course, On Demand
Delivery Method: Online
Cost: Free
Provider: Basis Technology
Website: https://www.cybertriage.com/training/
Online Only

A big challenge when learning how to investigate endpoints and servers is keeping track of all the artifacts you need to consider. It’s a daunting list.

In our new incident response training course, you’ll learn Brian Carrier’s systematic approach to endpoint investigations, the “Divide & Conquer” process, and how to apply it. This approach breaks down big, vague investigative questions, such as “is there malicious user activity?”, into smaller and smaller questions that can ultimately be answered by a category of artifacts, such as “Login Events.” The goal is to build a simple mental model of the important questions and artifact categories.