33: Tekninen Incident Response tutkinta - podcast episode cover

33: Tekninen Incident Response tutkinta

Oct 22, 2023•1 hr 45 min•Ep. 33

--:--

--:--

Listen in podcast apps:

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Tällä kertaa Uhkametsällä puhutaan teknisistä incident response tutkinnan vaiheista. Aihe on pintaraapaisu ja aika ei yhdessä jaksossa riitä käsittelemään kuin melko pintapuolisesti aihealuetta. Tämä on hieman teknisempi jatke jaksolle 26: Poikkeamanhallinta ja tutkinta.

Lähteet:
https://zeltser.com/security-incident-questionnaire-cheat-sheet/
https://www.ietf.org/rfc/rfc3227.txt
https://github.com/ufrisk/MemProcFS
https://github.com/volatilityfoundation/volatility3
https://github.com/volatilityfoundation/volatility
https://volatility3.readthedocs.io/en/stable/volatility3.plugins.html
https://github.com/VirusTotal/yara
https://github.com/DidierStevens/DidierStevensSuite/blob/master/1768.py
https://www.youtube.com/watch?v=8b6etqiIvb4 <- Christopher Lopez, Will they read my reports? Creating value driven reports
https://www.youtube.com/watch?v=gqsE2coucjg <- Selena Larson, Threat Intel for Everyone: Writing Like a Jounarlist to produce clear, concise reports
https://www.youtube.com/watch?v=vwKlNZ6mxak <- Lenny Zeltser, Hack the reader: Writing Effective Threat Reports with Lenny Zeltser
https://www.sans.org/posters/windows-forensic-analysis/
https://ericzimmerman.github.io/#!index.md
https://timesketch.org/
https://github.com/log2timeline/plaso
https://github.com/WithSecureLabs/chainsaw
https://github.com/Yamato-Security/hayabusa
https://github.com/LDO-CERT/orochi
https://www.fox-it.com/nl-en/dissect/

Instagram: https://www.instagram.com/uhkametsa/
Linkedin: https://www.linkedin.com/company/uhkametsa/

For the best experience, listen in Metacast app for iOS or Android