Class 4
Logs
Logs help understand and respond to system failures
They are crucial for detecting and responding to security threats
You can proactively search for advanced threats
You can maintain records for regulatory and compliance purposes as well
Log types:
Application
Audit
Security
Server / Web server
System
Network
Database
Log2TimeLine
This tool can help correlate events from different log sources into a single timeline. Useful if you don't have a SIEM
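The kind of cross-source correlation log2timeline does, as an added example that is not part of the class notes or the tool itself: two constructed log snippets (an Apache access log and a syslog auth log) are parsed, their timestamps normalised to UTC, and the events merged into one sorted timeline. The syslog year and timezone are assumptions, because that format records neither.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines (not real logs) from two sources on the same host.
APACHE_LINES = [
    '10.0.0.5 - - [12/Mar/2024:14:03:21 +0000] "GET /admin HTTP/1.1" 403 512',
    '10.0.0.5 - - [12/Mar/2024:14:03:25 +0000] "POST /login HTTP/1.1" 200 812',
]
AUTH_LINES = [
    "Mar 12 14:03:23 web01 sshd[2211]: Failed password for root from 10.0.0.5 port 51234 ssh2",
    "Mar 12 14:03:30 web01 sudo: alice : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow",
]

APACHE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
SYSLOG_RE = re.compile(r'^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$')


def parse_apache(line):
    """Apache combined format carries a full date and a UTC offset, so it parses directly."""
    m = APACHE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ts": ts, "source": "apache", "host": m["ip"], "event": f'{m["req"]} -> {m["status"]}'}


def parse_syslog(line, year):
    """Classic syslog has no year and no timezone: the year is supplied by the
    caller and UTC is assumed (hypothetical choice, adjust to the host's clock)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f'{year} {m["ts"]}', "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "auth", "host": m["host"], "event": f'{m["proc"]}: {m["msg"]}'}


def build_timeline(apache_lines, auth_lines, year=2024):
    """Merge both sources into one list ordered by normalised timestamp."""
    events = [e for e in (parse_apache(l) for l in apache_lines) if e]
    events += [e for e in (parse_syslog(l, year) for l in auth_lines) if e]
    return sorted(events, key=lambda e: e["ts"])


def render(events):
    """One line per event, so the analyst reads the story across sources in order."""
    return [f'{e["ts"].isoformat()} {e["source"]:<6} {e["host"]:<10} {e["event"]}' for e in events]


if __name__ == "__main__":
    print("\n".join(render(build_timeline(APACHE_LINES, AUTH_LINES))))
```

Read top to bottom, the merged output shows the 403 on /admin, the failed root SSH login, the successful POST and the sudo read of /etc/shadow as one sequence, which none of the sources shows alone.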
Image Forensics
Images have more information in them than we think. More information can be found in the metadata of an image (or file).
exiftool picture.jpg
Steganography
This is the practice of concealing information within other data or media in a way that the hidden information is not easily detectable
This can be done with images, audio files, videos or even text
steghide embed -ef <file_to_embed> -cf <target_image>
steghide extract -sf wilmy.png
Incident Reports
What to Document?

There will be different sections of the report that require different types of language and technicality. This can usually be divided into two sections:
Executive Summary: Provides key incident details and recommendations to executives and stakeholders. Little to no technical language should be used and it should be a high level overview.
Technical Summary: Dive deeper into the technical aspects of the investigation providing more detail and getting nerdy 🤓