Velociraptor is a great DFIR tool that becomes more and more popular amongst Incident Handlers. Velociraptor works with agents that are deployed on endpoints. Once installed, the agent automatically “phones home” and keep s a connection with the server… exactly like a malware with it’s C2 server but this time
When you need to quickly investigate a suspicious computer located thousands of kilometers away or during a pandemic like we are facing these days, it could be critical to gain remote access to the computer. Just to perform basic investigations. Also, if the attacker did a clever job, he could
I published the following diary on isc.sans.org: “Converting PCAP Web Traffic to Apache Log“: PCAP data can be really useful when you must investigate an incident but when the amount of PCAP files to analyse is counted in gigabytes, it may quickly become tricky to handle. Often, the first protocol
A security conference does not need to be “big” to be interesting. Size doesn’t matter with security conferences ;-). I’m in Lille, France where I attended the conference called “CoRIIN“. This event is held in French and means “Conférence sur la réponse aux incidents et l’investigation numérique” or “Incident Response
