Hi all,
SANS has some great cheat sheets for IR & forensics https://digital-forensics.sans.org/community/cheat-sheets. I was just curious if anyone has others they like to reference or if anyone is willing to share personally-curated ones?
Thanks!
@Java a few others that I like are below. Following Lenny Zeltser in general is a great idea, he is always on top of what is going on and takes a real practical approach. Also he is pretty active on Twitter: twitter.com/lennyzeltser
Questions you should be asking yourself during the IR process
Searching event logs from the command line using wevtutil.exe
Some general command line helps, a lot using Windows Management Instrumentation Command-line (wmic)
Would love to see some of the personally curated cheat sheets
I found a good one from the University of Connecticut’s ISO - https://security.uconn.edu/wp-content/uploads/sites/251/2015/11/Security-reference-guide.pdf. Ironically it’s also from Lenny Zeltser, as @cody.cornell referenced above.
I’m sure this is linked somewhere, but tossing it out there just in case:
ATT&CK Matrix
https://attack.mitre.org/wiki/Main_Page
There are a lot of “awesome” lists on github for everything, DFIR, malware analysis, pentest, networking and of course forensics! https://github.com/cugu/awesome-forensics
Hi @bewniac! Thanks for sharing.
Glad you’ve joined us!
Cheers,
Emma Furtado
SecOps Hub Community Manager