-
Digital Forensics and Incident Response
- Global Cybersecurity Camp : https://www.div0.sg/gcc, https://www.horangi.com/blog/horangi-and-global-cybersecurity-camp-gcc-empower
-
Shotgun Forensics
- “Old school”
- Image everything
- Reliance on tools (running on autopilot)
- Pull the plug
-
Sniper Forensics
-
The process of taking a targeted, deliberate approach to forensic investigations
-
- SOC 2 compliance (an audit/attestation framework, comparable to ISO 27001)
-
Tools and Samples
- Fast IR
- Yara
- OpenIOC (Indicators of Compromise; Mandiant's XML format for sharing them)
- FloydHub is a cloud deep learning platform : https://www.floydhub.com/
- CISO (Chief Information Security Officer)
- Open source projects (e.g. androguard)
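As an added example (not code from the camp or from any of the tools listed above), the following Python evaluates a small OpenIOC 1.0 definition against a set of host artifacts, the kind of targeted IOC sweep that Sniper Forensics favours over imaging everything. The indicator id, the MD5 value, the process names and paths, and the host artifact records are all constructed for this example; the namespace URI and the `Indicator`/`IndicatorItem`/`Context`/`Content` element names are the real OpenIOC 1.0 ones. Case-insensitive string comparison is an assumption made here for simplicity.

```python
"""Sweep constructed host artifacts with a minimal OpenIOC 1.0 definition (added example)."""
import re
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed sample indicator: id, hash, names and paths are made up for this example.
# Logic: match if the file hash is seen OR a process named svchost.exe runs from under \Users\.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001" last-modified="2020-07-04T00:00:00">
  <short_description>Example: svchost.exe running from a user profile</short_description>
  <definition>
    <Indicator operator="OR" id="root">
      <IndicatorItem id="i1" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">4a9d3c8b1e2f7a6b5c4d3e2f1a0b9c8d</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="sub">
        <IndicatorItem id="i2" condition="is">
          <Context document="ProcessItem" search="ProcessItem/name" type="mir"/>
          <Content type="string">svchost.exe</Content>
        </IndicatorItem>
        <IndicatorItem id="i3" condition="contains">
          <Context document="ProcessItem" search="ProcessItem/path" type="mir"/>
          <Content type="string">\\Users\\</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Constructed host artifacts, keyed by the OpenIOC search path they answer.
SAMPLE_HOST = [
    {"FileItem/Md5sum": "1111111111111111111111111111aaaa",
     "FileItem/FullPath": "C:\\Windows\\System32\\calc.exe"},
    {"ProcessItem/name": "svchost.exe",
     "ProcessItem/path": "C:\\Users\\bob\\AppData\\Roaming\\svchost.exe"},
    {"ProcessItem/name": "svchost.exe",
     "ProcessItem/path": "C:\\Windows\\System32\\svchost.exe"},
]


def _item_matches(item, artifact):
    """Evaluate one IndicatorItem against one artifact record."""
    search = item.find("ioc:Context", NS).get("search")
    content = item.find("ioc:Content", NS).text or ""
    value = artifact.get(search)
    if value is None:            # artifact has no field for this search path
        return False
    cond = item.get("condition", "is")
    v, c = value.lower(), content.lower()   # assumption: case-insensitive comparison
    if cond == "is":
        return v == c
    if cond == "contains":
        return c in v
    if cond == "matches":        # OpenIOC 1.0 regex condition
        return re.search(content, value, re.IGNORECASE) is not None
    raise ValueError(f"unsupported condition {cond!r}")


def _indicator_matches(node, artifact):
    """Recursively combine child results with the node's AND/OR operator.

    All items inside one Indicator must hit the same artifact, so that an AND on
    ProcessItem/name and ProcessItem/path describes one process, not two.
    """
    op = node.get("operator", "AND").upper()
    results = []
    for child in node:
        tag = child.tag.split("}")[-1]   # drop the namespace prefix
        if tag == "IndicatorItem":
            results.append(_item_matches(child, artifact))
        elif tag == "Indicator":
            results.append(_indicator_matches(child, artifact))
    if not results:
        return False
    return all(results) if op == "AND" else any(results)


def sweep(ioc_xml, artifacts):
    """Return the indexes of artifacts that satisfy the IOC's top-level Indicator."""
    root = ET.fromstring(ioc_xml)
    top = root.find("ioc:definition/ioc:Indicator", NS)
    return [i for i, a in enumerate(artifacts) if _indicator_matches(top, a)]


if __name__ == "__main__":
    for idx in sweep(SAMPLE_IOC, SAMPLE_HOST):
        print("IOC hit:", SAMPLE_HOST[idx])
```

Only the svchost.exe running from the user profile (artifact index 1) is reported; the legitimate System32 copy fails the `AND` because its path does not contain `\Users\`. Real sweeps collect the artifact records with a triage tool such as FastIR rather than hand-building them.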
-
Security Monitoring
- SIEM(Security information and event management)
- EDR(Endpoint Detection & Response)
- SOC(Security Operation Center)
- CERT (Computer Emergency Response Team)
-
CSIRT, Computer Security Incident Response Team
- Red team : attacks; focused on penetration testing of different systems and on the maturity of their security programs.
- Blue team : defends; continuously assesses network security and identifies possible vulnerabilities (an ongoing activity, not a one-off engagement).
-
CERT vs. CSIRT vs. SOC: A look at the similarities, differences
DFIR and Cyber Risk Leaders
2020-07-04