DFIR Core Principles

My copy of “Forensic Discovery”

There are a lot of folks new to the cybersecurity industry, and in particular to DFIR, and a lot of folks considering getting into the field. As such, I thought it might be useful to share my view of the core, foundational principles of DFIR: those basic principles I return to again and again during investigations, as well as over the course of time. For me, these principles were developed initially through a process of self-education, reading all I could from those who really stood out in the industry. For example, consider the figure to the right; this is what pages 4 and 5 of my copy of Forensic Discovery by Farmer and Venema look like. The rest of the pages aren't much different. I also have a copy of Eoghan Casey's Handbook of Digital Forensics and Investigation, which is in similar "condition", as are several other books, including my own.

The thing we have to remember about core principles is that they don't change over time. Forensic Discovery was published in 2005, and Casey's Handbook five years later, but those principles haven't changed just because the Windows operating system has evolved or new devices have been created. In fact, if you look at the index of Farmer and Venema's book, the word "Windows" never appears. My last book was publ

[…]

This article has been indexed from Windows Incident Response
