TryHackMe | DFIR: An Introduction WriteUp

 

Introductory room for the DFIR module

Link: https://tryhackme.com/room/introductoryroomdfirmodule

What does DFIR stand for?

Digital Forensics and Incident Response

DFIR requires expertise in two fields. One of the fields is Digital Forensics. What is the other field?

Incident Response.

Complete the timeline creation exercise in the attached static site. What is the flag that you get after completion?


At what stage of the IR process are disrupted services brought back online as they were before the incident?

recovery

At what stage of the IR process is the threat evicted from the network after performing the forensic analysis?

eradication

What is the NIST-equivalent of the step called “Lessons learned” in the SANS process?

Post-incident Activity


That’s it! See you in the next Room :)

Eonrec
