Concepts of Forensic Imaging

This entry is part 1 of 4 in the series Digital Forensics and Incident Response

Core Concepts: The process of imaging a disk starts by identifying the target drive, preparing it for imaging, and then creating the image file, which is later verified for integrity. This needs to be performed in an environment that allows us to perform these tasks and also ensures the process is properly logged. Each …

Incident Response

This entry is part 12 of 4 in the series Digital Forensics and Incident Response

Incident response, also known as incident handling, is a cyber security function that uses various methodologies, tools and techniques to detect and manage adversarial attacks while minimizing impact, recovery time and total operating costs. Addressing attacks requires containing malware infections, identifying and remediating vulnerabilities, as well as sourcing, managing, and deploying technical and non-technical …

Hunting the hunters: DFIR with Velociraptor (PART-I)

This entry is part 13 of 4 in the series Digital Forensics and Incident Response

Introduction: In the ever-evolving world of Digital Forensics and Incident Response (DFIR), having a powerful tool at your disposal is essential. Velociraptor stands out as an advanced, open-source endpoint monitoring, digital forensics, and cyber response platform. Developed by DFIR professionals, it empowers teams to hunt for specific artifacts and monitor activity across a fleet …

Hunting the hunters: DFIR with Velociraptor (PART-II)

This entry is part 14 of 4 in the series Digital Forensics and Incident Response

We covered the deployment of Velociraptor Server and Client components in the first part of this series. You can read it here if you’re interested. This part of the series will walk you through the capabilities and features of Velociraptor. Exploring the Clients from the Server GUI: Searching for Clients: The option “Show All” …