ออฟไลน์ด้วยแอป Player FM !
Episode 3 - NIST SP 800-61 Computer Security Incident Handling Guide (Detection)
Manage episode 422217120 series 3578563
In this 45 minute episode Clint covers a lot of ground based on the Detection phase of NIST 800-61.
Attack vectors for digital security incidents, including insider threats and weaponized USBs.
Cybersecurity incident response and detection, including NIST guidelines and Sysmon logging augmentation
The importance of following temporal linearity in Forensic Investigations, expanding analysis to 5-10 minutes prior to and after events, particularly in Internet History and Memory Dumps
Building a baseline of activity through network pcaps and log analysis
Why synchronised clocks are important?
How detailed notes help in your investigations
16 ตอน
Manage episode 422217120 series 3578563
In this 45 minute episode Clint covers a lot of ground based on the Detection phase of NIST 800-61.
Attack vectors for digital security incidents, including insider threats and weaponized USBs.
Cybersecurity incident response and detection, including NIST guidelines and Sysmon logging augmentation
The importance of following temporal linearity in Forensic Investigations, expanding analysis to 5-10 minutes prior to and after events, particularly in Internet History and Memory Dumps
Building a baseline of activity through network pcaps and log analysis
Why synchronised clocks are important?
How detailed notes help in your investigations
16 ตอน
ทุกตอน
×ขอต้อนรับสู่ Player FM!
Player FM กำลังหาเว็บ