EDR and Forensics tools can be very expensive. This post looks at some cheap, or free, DFIR alternatives you absolutely should consider. Even if you have a good budget for high-end professional tools, it's worth building these into a toolbox you can use to solve problems or unexpected situations.
Linux DFIR may feel like it is a complicated and arcane process, but it doesn't need to be. Yes, there are challenges around memory collection and lots of modern EDR…
Linux incident response is straightforward but it does need some practice to get used to the key elements. This post looks at some of these to help kickstart your IR.
Lessons Learned is the final phase of the incident response cycle. This is where you identify the root cause of the incident and any problems or issues you faced with the response. Your findings should always feed back into the planning phase. This keeps the cycle working and improving.
Recovery is the fifth phase of the incident response cycle. This is the time to bring your services back online and restore normal business operations. Just make sure you do it in a secure manner.
Eradication is the fourth phase of the incident response cycle. This is the implementation of more permanent measures to get the attacker out of the network and keep them out.
Containment is the third phase of the IR Cycle. You investigate what happened and implement measures to stop the attack spreading or doing more harm than you are prepared to accept.
Identification is the second phase of the IR Cycle. This is where you determine if an incident has happened, what type of incident and how important it is to your business.
Preparation is the first phase of the IR Cycle. Doing well here is the difference between good incident response and dealing with a breach or crisis.
Breaches are pretty much inevitable. Having good incident response processes can be the difference between it being painful and it being catastrophic to your organisation.
Security certifications are a hot topic. No one cert is intrinsically better than others, pick the one that opens the most doors for you.
Incident response is often a stressful, high-pressure situation. Responders are desperately trying to claw together information. All around them the world is collapsing. Furthermore, everything important seems to be deleted…
Merry Christmas Halkyn Consulting will enter its Christmas shut down period on Friday 22 Dec. We remain closed to new business until Tuesday, 2 Jan 2018. As always, existing customers…
No matter how much expert knowledge you have, how good you think your memory is, using a checklist is simply good security practice.
Lots of articles, blog posts and webcasts talk about threat hunting. Despite this few, if any, organisations do it. This is a mistake. Security hit the headlines again recently, when…