Think like more than an Examiner or an Analyst: How Cyber Investigations have evolved
Digital Forensics and Incident Response
Taking your skillset from expert to masterclass

whoami
- Academic Careerist (finally done! ...maybe): DSc, MS, MPA, BS, AAS
- 16 years in various roles: US Federal Government, Private Sector Consulting
- Alphabet Letter Collector: 25 GIAC certifications (GSP), various other IT/Security certifications
- Certified Fraud Examiner
- Researcher and proverbial sponge for learning

What am I going to drone on about?
- Reactive vs Investigative Mindsets
- The DFIR Digital Divide
- Leveling Up
- Practical (and I mean practical) Recommendations

We need to be honest with ourselves and our industry.
"All analysts are created equal, just some more than others" - Probably Orwell (Definitely Eric Zimmerman)

Addressing the Digital Divide
- Some have SOAR and automate memory collection & analysis
- Some have a "Gandalf" who has seen it all
- Some have 24/7 CSIRT operations along with a hybrid MDR and a monthly pizza fund
- Others are Googling how to create the maps for Linux memory
- Others are using Shadow IT to make it work
- Others are fueled by caffeine and adult beverages

What are we supposed to do without all those toys?!
- Plenty of FOSS out there that can alleviate the need for expensive tools
- Tools
- Analytical knowledge
- Knowing what your data contains?
- Is your team siloed?
- How big is the Incident Response Field?

Leveling up our skills from A-Tier to S-Tier
- Moving from the "what happened" to "why did it happen"
- "Who benefits?"
- Challenge your own theories: poke holes
- Behavioral Profiling
- Matrix for validity of source of evidence
- Visual representations
- Don