Responding to Advanced Threats
References and resources for Responding to Advanced Threats
- Guide: "Digital First Aid Kit: My Device Is Acting Suspiciously"
- Guide: "Recommendations for Readiness to Handle Computer Security Incidents" (CIRCL)
- Guide: "Guide to Integrating Forensic Techniques into Incident Response" (NIST)
- RFC: "Guidelines for Evidence Collection and Archiving" (IETF)
- Guide: "Electronic evidence - a basic guide for First Responders" (European Union Agency for Network and Information Security, ENISA)
- Procedures: "The ThreatHunting Project" (ThreatHunting.net)
- Resource Collection: "Annotated Reading List" (ThreatHunting.net)
- Guide: "Recovering from an intrusion" (UCL Security Baselines)

Malware Analysis:
- Educational Resources: "Memory Samples" (Volatility)
- Educational Resources: "Awesome Malware Analysis"
- Presentation: "Practical Malware Analysis" (Mandiant / Black Hat)

Digital Forensics:
- Guide: "Guide to Quick Forensics" (Security Without Borders)
- Guide: "Investigating Infrastructure Links with Passive DNS and Whois Data" (Citizen Evidence Lab by Amnesty International)
- Guide: Mahesh Kolhe et al., "Live Vs Dead Computer Forensic Image Acquisition"
- Guide: Justin C. Klein Keane, "Capturing a Forensic Image"
- Blog: "Forensics 101: Acquiring an Image with FTK Imager" (SANS Digital Forensics and Incident Response Blog)
- Samples: "Test Images and Forensic Challenges" (Forensic Focus)
- Samples: "Evidence Files and Scenarios" (Digital Forensics Association)