Incident Response and Forensics Part 2

Video Transcription
So this is a good diagram on incident response. So as I mentioned, you know, we always want to prepare in advance, right? So anything security related, or anything in general in life, you always want to kind of prepare in advance. So we reviewed: prepare, you know, policies, procedures, et cetera, training, all that good stuff. From there, once an incident occurs, we detect and analyze it.

We say, yes, this is an incident. Something's going on. Let's say there's an active, you know, breach in progress. Then we would want to contain or isolate that, or, for example, like now where we want to isolate those systems and, you know, be able to, you know, eventually eradicate. And, you know, if the system's taken down, we want to also recover that system.

And then from there, we implement different procedures or solutions to, you know, fix the issue, and we then want to analyze those fixes to see, like, if they're actually working, right. So the post-incident activities are similar to, like, the military's after action report, where we're kind of saying, like, okay, what went well during that incident, what did we really mess up on, uh, you know, did this thing work? Did this thing not work? And then from there we develop better things moving forward, and this is an endless cycle because there's always gonna be new threats coming out.
So what kind of work environment should you expect? Now, SOC, SOC centers are 24/7, so you may work different types of shifts in those centers. Of course, that depends on, like, your seniority, obviously. You know, so a senior SOC analyst could probably say, I just want day shift, and somebody would give them day shift only.

But it is certainly rotating. It also could involve on-call work where, you know, maybe you're not working, but you're on call a certain day of the week, and we have to go in as a senior level person in the center.

Also, it is kind of a component of that, you know, it's again, we're gonna start splitting out these roles here. So SOC analysts may do incident response, a team may do forensics, but also you can, you know, with some experience, you can work as an incident responder, right? You know, so you in that capacity are generally traveling around and responding to incidents for clients, so you may travel around, like, the United States where we're at, you might travel around the world, et cetera, in some cases, but you generally are gonna travel around to the client's location as an incident responder, as well as working as part of a team.
Uh, now, actually, sorry to interrupt. This is a great time to kind of discuss why this particular video session is set up the way it is, where it's SOC analyst, but we're also talking about incident response and forensics analyst. Fundamentally, that's because these roles all sort of build on the same skill set.

The main difference between them is how they're applied. So when you're working with, you know, Cybrary's career paths here, working with the material that we have, the reason why these are grouped together is that fundamentally, what you're doing with all of them is triage. It's security analysis. It's determining threats. It's providing intelligence. They're all the same roles. But where, you know, SOC analyst is the real time watch floor, kind of 24/7, incident response is sort of on call; when something happens, you come back for it, and then forensics tends to be after the fact, sort of not necessarily a slower pace, but, um, more sort of scheduled and structured based. But it's really, it's the same general skill sets with some, with some specialization. It's all about how it's applied to the problem at hand.
Absolutely, absolutely. And touching on forensics for a minute, it's often, also, excuse me, a much longer process than the other ones. Obviously SOC analyst, that will stay, you know, through new threats. But as far as, like, an actual incident, as you mentioned, it's gonna take a long time to investigate. And I think you had mentioned file recovery using forensics tools was a fun experience in the military.
That was an absolutely brutal experience. Actually, we had to recover multiple terabytes of lost data, and the only mechanism we had available was using a forensic tool kit. It took 36 straight hours of work, roughly. I didn't go home. I slept in a little cot in my office for about 30 minutes at a stretch. Uh, yeah, probably, probably the worst day of my professional career, certainly up there. And, as you see, Joe's no longer than it was to find, yes.
So the other thing I want to touch on, you know, we kind of touched on more of the civilian or, you know, the civil case type of stuff with, like, incident response, you know, SOC centers. But you also may be involved in criminal cases, and you're kind of that first line of gathering information and then kicking it to the forensic investigation team or forensic investigator, where they then go through and try to build out a criminal case. Now, of course, there's some mixture there; forensic investigators do civil cases as well. But for the focus of criminal cases, it would generally be going to your forensic investigators, so then they could help build it out for actual presentation in court.