Let's take this a bit farther. Given your own ideas and those in the replies, how could you prepare for this scenario? What steps could you take now that would make this investigation easier when it comes up?
Reposted from
Chris Sanders 🔎 🧠
Investigation Scenario 🔎
You retrieved a running process list from a single department of 20 Windows systems.
What is your approach to find anomalies in this data set? What do you look for to investigate whether an incident occurred?
#InvestigationPath #DFIR #SOC
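One way to start on the process-list question above, as an added example that is not part of the original post: stack the (name, image path) pairs across the department's hosts so that anything running on only one or two machines surfaces, and separately flag core Windows process names executing from outside the Windows directory. Host names, users and paths below are constructed, and the set of "system-only" names is an assumption for illustration.

```python
from collections import defaultdict

# Constructed sample standing in for the 20-system department: host -> list of
# (process name, image path). Hosts, users and paths are made up for illustration.
BASELINE = [
    ("svchost.exe", "C:\\Windows\\System32\\svchost.exe"),
    ("explorer.exe", "C:\\Windows\\explorer.exe"),
    ("OUTLOOK.EXE", "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"),
]
PROCESS_LISTS = {
    "WS01": list(BASELINE),
    "WS02": list(BASELINE),
    "WS03": list(BASELINE),
    # Constructed anomaly: a second svchost.exe running from a user temp directory.
    "WS04": BASELINE + [("svchost.exe", "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svchost.exe")],
    # Constructed anomaly: a one-off binary in a roaming profile.
    "WS05": BASELINE + [("updater.exe", "C:\\Users\\asmith\\AppData\\Roaming\\updater.exe")],
}

# Assumed rule for this example: these core names are only expected under the Windows directory.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
WINDOWS_DIR = "c:\\windows\\"


def stack(process_lists):
    """Frequency stacking: map each (name, path) pair to the set of hosts running it."""
    hosts_by_proc = defaultdict(set)
    for host, procs in process_lists.items():
        for name, path in procs:
            hosts_by_proc[(name.lower(), path.lower())].add(host)
    return hosts_by_proc


def rare_processes(process_lists, max_hosts=1):
    """Least-frequent-occurrence view: pairs seen on at most max_hosts hosts."""
    return sorted((proc, sorted(hosts))
                  for proc, hosts in stack(process_lists).items()
                  if len(hosts) <= max_hosts)


def path_anomalies(process_lists):
    """Core system process names running from outside the Windows directory."""
    hits = []
    for host, procs in sorted(process_lists.items()):
        for name, path in procs:
            if name.lower() in SYSTEM_ONLY and not path.lower().startswith(WINDOWS_DIR):
                hits.append((host, name, path))
    return hits
```

Across a real department the same two views work on exported `tasklist /v` or Sysmon data once it is normalized to (name, path) pairs; the stacking threshold can be raised as the host count grows.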