This week, I delved deeper into Digital Forensics and Incident Response (DFIR), learning how to detect, investigate, and recover from cybersecurity incidents. 🚔🔍 Here are some key takeaways:
Digital Evidence Collection:
Using tools like FTK Imager and EnCase, I learned how to safely acquire digital evidence from compromised systems without altering the data. This ensures its integrity during investigations.
Incident Response Phases:
Understanding the 6 phases of Incident Response (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned) was crucial for creating robust response strategies to mitigate threats.
Malware Analysis:
Explored reverse-engineering malware to identify vulnerabilities and craft defense mechanisms. Using tools like Wireshark, I could analyze network traffic for anomalies.
Memory Forensics:
Leveraged tools like Volatility to extract crucial forensic data from system memory, which often holds evidence that isn’t stored on disk.
Case Study:
I applied these techniques to a simulated incident where sensitive data was breached. Through rapid identification and containment, the breach was mitigated, preventing further damage.
💻 Example Code Snippet:
In this Python snippet, I extracted metadata from files to support digital evidence gathering:
import os
from datetime import datetime

def get_file_metadata(file_path):
    # os.stat only reads metadata, so it does not alter the evidence file itself
    stat_info = os.stat(file_path)
    # Note: on Unix, st_ctime is the inode change time, not the creation time;
    # it reflects true creation time only on Windows
    created = datetime.fromtimestamp(stat_info.st_ctime)
    modified = datetime.fromtimestamp(stat_info.st_mtime)
    return f"Created: {created}, Modified: {modified}"

file = 'suspicious_document.pdf'
print(get_file_metadata(file))
output result:
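To tie the metadata step above to the evidence-integrity point from the collection section, here is an added example (my own illustration, not code from the original post) that records a file's timestamps together with its SHA-256 hash in an acquisition record and later re-hashes the file to confirm nothing changed; the record layout and function names are assumptions for this example.

```python
import hashlib
import os
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large evidence files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire_record(path):
    """Build an acquisition record: size, timestamps and SHA-256 of the file.

    os.stat is read-only; the timestamps are captured before the file is
    opened for hashing so the read itself cannot skew the recorded atime.
    """
    st = os.stat(path)
    to_iso = lambda ts: datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    return {
        "path": os.path.abspath(path),
        "size": st.st_size,
        "accessed": to_iso(st.st_atime),
        "modified": to_iso(st.st_mtime),
        # st_ctime is inode change time on Unix; creation time only on Windows
        "changed": to_iso(st.st_ctime),
        "sha256": sha256_file(path),
        "acquired_at": datetime.now(timezone.utc).isoformat(),
    }


def verify_record(record):
    """Re-hash the file and compare with the stored hash.

    Returns (ok, current_hash); ok is False if the evidence was altered.
    """
    current = sha256_file(record["path"])
    return current == record["sha256"], current
```

The record is what you would attach to a chain-of-custody form; a failed verify_record result means the copy you are analysing no longer matches what was acquired.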
Screenshots of my malware analysis using Wireshark and memory forensics with Volatility included below 🔽.
#Cybersecurity #DFIR #DigitalForensics #IncidentResponse #3MTT
Akpe Silas 3MTT Nigeria Power Mongering Despot Inc IHS Towers NITDA Nigeria 3MTT Nigeria