Comments on Journey Into Incident Response: Adding an Event Triage Drop to the Community Bucket
Corey Harrell

Anonymous, 2015-11-24T11:45:27.006-05:00

This is a great idea Corey. I was actually just going back through all of your older posts (wasn't around back then to read them), and this will be a great way to start putting the ideas you mentioned into practice. (End-to-End Investigations, and Forensicator Readiness for example.)

As a current student of this field, I've found that the course work just can't fit in everything, obviously, and so posts like these from you, @Harlan Carvey, and others working in the field already, really give me insight on some things to focus on.

I'm looking forward to working on these practicals and implementing what I learn from them into my course work and my self-study down the road.

Greg, 2015-11-20T10:53:54.493-05:00

@Corey,

Thanks for taking the time to put these scenarios together - I know it's a lot of work. I am particularly interested in exactly what you described above regarding the triage workflows, tools, etc. and love the format you propose. Can't wait to see the first scenario.

I also understand what you and @Harlan are saying in terms of information sharing. Up to this point, I am guilty of being one of the idle consumers; however my role has recently changed and I hope to be in a position to contribute back.

Let me know if there is anything I can do to help with this initiative.

H. Carvey, 2015-11-20T07:06:59.801-05:00

@Corey,

"I just hope I'm able to find the time to create more scenarios for servers."

I know that when I've written my books, some will say, "yeah, you're going to cover the workstation OS, but what about the server OS?" Well, the fact of the matter is that I don't have access to server OS's except through work, and well...

My point is that someone should be willing to step up and provide something...VM, access to an install CD and code...something.

"I enjoy reading about the approaches and thought processes behind how others tackle an issue."

A lot of folks in the community say the same thing...the difference is that you're one of the very few who actually share these things. Most folks won't sit down and just write what they did during an exam.

Corey Harrell, 2015-11-19T17:46:53.305-05:00

@Harlan,

I just hope I'm able to find the time to create more scenarios for servers. That is a good idea for either a book or blog series. I tend to find material like this useful. Both for myself and for pointing people to it. I enjoy reading about the approaches and thought processes behind how others tackle an issue. Your idea is along these lines.

H. Carvey, 2015-11-19T16:30:09.566-05:00

Sign me up!

I think it's great that you're doing this...I just told someone today that I'm considering either a book or series of blog posts entitled, "Investigating Windows Systems", done in a case study-style format.