tag:blogger.com,1999:blog-4080617372940068027.post1937733112397089073..comments2024-03-13T01:32:25.097-04:00Comments on Journey Into Incident Response: Improving Your Malware Forensics SkillsCorey Harrellhttp://www.blogger.com/profile/15008629321023489214noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-4080617372940068027.post-20853252987430668342014-06-28T08:16:59.352-04:002014-06-28T08:16:59.352-04:00@Corey,
Good plan. If you have a process and doc...@Corey,<br /><br />Good plan. If you have a process and documentation, you can always go back and improve your process with new information. Something I've seen time and time again is that if an analyst doesn't have a process that they can add to, they keep doing the same thing over and over...H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-4080617372940068027.post-46421932737345923842014-06-27T18:19:57.250-04:002014-06-27T18:19:57.250-04:00@James
Getting the experience from realistic simu...@James<br /><br />Getting the experience from realistic simulations is really worth it. There are some things you can't replicate in a completely controlled environment.Corey Harrellhttps://www.blogger.com/profile/15008629321023489214noreply@blogger.comtag:blogger.com,1999:blog-4080617372940068027.post-33520718427198584752014-06-27T18:10:40.860-04:002014-06-27T18:10:40.860-04:00@Harlan
I always found it easier to start with th...@Harlan<br /><br />I always found it easier to start with the process so I can see the big picture. I know a lot of people who start and end with the tools one uses instead of how those tools fit into an overall process. Good point about documentation.Corey Harrellhttps://www.blogger.com/profile/15008629321023489214noreply@blogger.comtag:blogger.com,1999:blog-4080617372940068027.post-20585207979673630582014-06-27T08:58:13.896-04:002014-06-27T08:58:13.896-04:00Great post, as always, Corey. I particularly like...Great post, as always, Corey. I particularly like how you start with process...this is so often overlooked, or simply not even considered.<br /><br />Also, documentation is critical, particularly in this endeavor. Documenting what you've done allows others to replicate your findings, and also means that your findings are recorded. This way, you can develop and improve your process.H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-4080617372940068027.post-52906166426488894152014-06-25T19:54:33.150-04:002014-06-25T19:54:33.150-04:00Excellent! I have been interested in forensics an...Excellent! I have been interested in forensics analysis for some time, and been wondering how to safely setup a test environment for some hands-on learning. I did complete a post-grad diploma which provided great theory, but was light-on with the actual processes.Anonymousnoreply@blogger.com