Comments on Journey Into Incident Response: Triage Practical Solution – Malware Event – Proxy Logs Prefetch $MFT IDS
Blog author: Corey Harrell (http://www.blogger.com/profile/15008629321023489214)
Comment feed last updated 2024-03-13T01:32:25-04:00; 6 comments.

Comment by idforensic (https://www.blogger.com/profile/03062579835189212550), 2016-04-13T03:05:36-04:00:

Very well written. Just shows the dedication and effort you put in for the Cyber Security Community. Cheers Corey!!

Comment by Mitch Impey (https://www.blogger.com/profile/15321296469098994211), 2016-04-06T16:10:25-04:00:

Thanks for the feedback Corey, much appreciated. I am not able to do that directly myself as I am not in the right dept... but I can keep pushing them!

Comment by Anonymous, 2016-04-06T09:13:46-04:00:

"This information could then be used to scope the incident to identify potentially other infected machines."

Corey, do you have a process to perform this step? In my experience scoping is one of the harder steps to accomplish.

Comment by Anonymous (https://www.blogger.com/profile/17911947944634576400), 2016-04-06T06:11:35-04:00:

Thanks Corey, you are "Awesome". Just learning this in my Malware Forensics course. This was exactly week 3 course material and you have crystallized it for me.
UG, MD

Comment by Corey Harrell (https://www.blogger.com/profile/15008629321023489214), 2016-04-05T17:39:21-04:00:

Mitch,

I used to live in your world, then I created a new reality. I built out my organization's security monitoring. For the most part this analysis can be done in three to 10 minutes. If it is a remote user through a VPN then it will take longer (speed hit is on loading the system into Encase

Comment by Mitch Impey (https://www.blogger.com/profile/15321296469098994211), 2016-04-05T15:22:32-04:00:

Thanks Corey for this excellent write up. In my world, asking for and receiving logs takes a significant chunk of time due to the way things "are". Typically, what would be the end to end time estimates for this triage process? I appreciate it "depends" a lot on a considerable number of factors, but I thought I would ask as a reference. Icing on the cake as it were :)