TryHackMe | DFIR: An Introduction WriteUp
Introductory room for the DFIR module
Link- https://tryhackme.com/room/introductoryroomdfirmodule
What does DFIR stand for?
Digital Forensics and Incident Response
DFIR requires expertise in two fields. One of the fields is Digital Forensics. What is the other field?
Incident Response.
Complete the timeline creation exercise in the attached static site. What is the flag that you get after completion?
At what stage of the IR process are disrupted services brought back online as they were before the incident?
recovery
At what stage of the IR process is the threat evicted from the network after performing the forensic analysis?
eradication
What is the NIST-equivalent of the step called “Lessons learned” in the SANS process?
Post-incident Activity
That’s it! See you in the next Room :)
Comments
Post a Comment