So next up, we're gonna jump into incident response and forensics. So this is,
and you'll actually hear them used interchangeably. If you decide to kind of go along either of these career paths, you'll notice that a lot of people are doing the same thing.
So incident response and forensics. And yes, that is my cat. By the way, I'm a cat lover. I love dogs and all animals, but anyways, digressing again. That's actually your cat? That is actually my world-famous cat. Her name is... Yes, I know that. Yes. So she finally got to star in a video. So she's officially a movie star.
So, incident response and forensics. Now,
you know, we'll dive into this once we do that session where we kind of deep dive into it. But I do want to mention that, as I kind of mentioned before, these are used a lot interchangeably. So, for example, an incident responder
will normally do some kind of forensic work. Now, they may not do, like, a full deep-dive investigation,
but they will generally do forensics in some capacity to analyze what occurred, you know, what kind of information is happening. And then if they find that it's something that needs to be referred to law enforcement, they'll kind of escalate it from there. You'll generally see somebody working as a forensic investigator if they're working in some kind of law enforcement capacity. So
we're grouping them together just because a lot of people do
pretty much all of it. But if you want a deep dive into any of these, if you want kind of a career path of forensics, it's more so... Forensic investigators are more so if you're gonna actually work in law enforcement or with law enforcement, and then incident response is your more generalized private-sector, you know, individual. So,
well, again, we'll kind of talk about, like, the typical day and that sort of stuff.
So what do any of these people do, right? Well, obviously, as in incident response, as the name implies, they, you know, identify and respond to incidents, right? So what's an incident? Who even cares? But basically that's, you know, anything that may be abnormal, right? So it's generally gonna be some kind of a breach, but it could be something else, right? It could be like,
let's say, you know, Joe decides that he wants to work in Disneyland in cybersecurity.
And so he takes, you know, this PowerPoint slide to Disneyland? Well, that's technically, you know, an incident, right? Because Joe's taken that PowerPoint presentation with my cat on it to Disneyland, you know. And I might be cool with him using the picture of my cat. But, you know, we're not cool with him using, like, this to present, to make it proprietary work. Exactly, right? So
that would be an incident. So it's not necessarily... Well, that would probably be, you know, that could be a borderline criminal act, but that's not necessarily something as dramatic as, you know, like
somebody hacking your systems. But it's still an incident, so an incident could be a lot of different things.
So basically what an incident responder or even a forensic investigator does is they're gonna follow some kind of a standard process, right? So it could be a process, you know, set forth by, like, a law enforcement agency, where, as a forensic investigator, you know, hey, we have to collect data in a certain way. It could also just be a process, you know, applied by the organization, like, hey, this is how we do it.
It could also be something, you know, bound by, like, laws or regulations. Like,
If you want this admissible in a court of law, whether it's civil or criminal, then you have to do these things a certain way.
So there are a lot of different processes that we could follow. And it's really dependent upon your organization, as well as kind of what you're doing, and different laws and regulations that might be applicable in your jurisdiction.
Now, that being said, you know, I'll mention this again when we kind of deep dive into the subject next week, I believe we do it, but
keep in mind that you may be doing forensic work, but you may not be able to get all the data, right? So if there's a server, like, over in Russia that doesn't care that, you know, you have an investigation here in the U.S., then you may not be able to get that information, but you're trying to get as much information as you possibly can.
A lot of this is gonna, you know, it allows you to determine kind of the severity of the incident, right? So is it something minor, you know, like Joe took my cat photo and put it on his own PowerPoint slide? Or is it something major, like somebody, you know... Yeah, he's probably doing that right now as I speak. But, you know, is it something major, right, where someone hacked us, took our data? You know, something like the recent
Marriott breach, many other breaches
that have been out there. Is it something like that, or something major where we need to bring in other entities, whether that's law enforcement or private organizations, to help us investigate this stuff? So as an incident responder, you're kind of that first line, so to speak. After, like, a network admin or somebody sees the issue, they tell you, and then you're kind of that first line of defense
in determining: is there an incident? And what do we need,
excuse me, what do I need to do next?
And then we just use different tools to get all this data, right? So different forensics tools, you know, and it's going to vary somewhat on how much time we spend on it based off of whether it's, like, a civil case or an administrative type of investigation, or if it's a criminal investigation, with the latter being obviously the most time spent, in a criminal investigation.
Of course, reporting and communication, as we kind of drove home. So by the end of this presentation, you should have at least reporting and communication memorized as the main things to take away. And then you have to have a good foundation of knowledge in, like, different network concepts and protocols. So again, a good kind of next step from network engineer would be to go into, like, incident response.
You need that good foundational knowledge of
computer networking as well as, like, operating systems, so you kind of need that first-level knowledge. It's kind of challenging to go directly into incident response. However, we do have a career path for it, and we'll talk about that a little later.
You also wanna have knowledge of different, like, cyber threats and vulnerabilities. So as you may or may not know, just looking at the news, you can see that there's different data breaches and stuff like that going on all the time. That just means, you know, what you should take away from that is that there's a lot of different cyber threats going on all the time. Some of them are the same, you know, we just never really fix them.
But a lot of them are changing all the time. And so
as an incident responder or forensic investigator, you've got to be abreast of the current trends in the industry.
As I mentioned already, laws and regulations that you may need to follow based on your jurisdiction and also based on your organization. Then the number one thing with forensics and incident response is always preserving the evidence, right? So we don't want to, like, get some information from our server log and then delete it. You know, that's kind of pointless, right?
Like, just because we've seen it doesn't mean that it may not be used
in a later investigation.
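Added example (editor's note, not part of the talk): the "preserve the evidence" point above is normally put into practice by never working on the original, copying it to an evidence store, hashing the copy at collection time, and recording who collected it and when, so that any later change to the copy is detectable. The script below does exactly that for a constructed web-server access log. The log lines, the `analyst-1` collector name and the temporary directory are all made up for the demonstration; the hashing and custody record are the real technique.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample log lines standing in for the "server log" in the talk.
SAMPLE_LOG = (
    '10.0.0.7 - - [12/Mar/2019:03:14:07 +0000] "GET /wp-login.php HTTP/1.1" 200 1502\n'
    '10.0.0.7 - - [12/Mar/2019:03:14:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0\n'
    '10.0.0.7 - - [12/Mar/2019:03:14:11 +0000] "GET /wp-admin/ HTTP/1.1" 200 9023\n'
)


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large evidence files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(source: Path, evidence_dir: Path, collector: str) -> dict:
    """Copy the original into an evidence directory and record its hash and collector.

    The source is only ever read here; it is never modified or deleted.
    """
    evidence_dir.mkdir(parents=True, exist_ok=True)
    copy = evidence_dir / source.name
    shutil.copy2(source, copy)  # copy2 preserves the original's timestamps
    record = {
        "source": str(source),
        "copy": str(copy),
        "sha256": sha256_file(copy),
        "collected_by": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
    }
    # The chain-of-custody record lives beside the copy, never inside it.
    (evidence_dir / (source.name + ".custody.json")).write_text(json.dumps(record, indent=2))
    # Sanity check: the copy must hash identically to what we read from the source.
    if record["sha256"] != sha256_file(source):
        raise RuntimeError("evidence copy does not match source")
    return record


def verify(record: dict) -> bool:
    """Re-hash the evidence copy and compare with the value recorded at collection."""
    return sha256_file(Path(record["copy"])) == record["sha256"]


def demo() -> tuple:
    """Acquire a constructed log, verify it, then tamper with the copy and verify again."""
    work = Path(tempfile.mkdtemp())  # hypothetical scratch location for the demo
    src = work / "access.log"
    src.write_text(SAMPLE_LOG)
    rec = acquire(src, work / "evidence", collector="analyst-1 (hypothetical)")
    intact = verify(rec)
    # Simulate the mistake the talk warns about: touching the data after collecting it.
    with Path(rec["copy"]).open("a") as f:
        f.write('10.0.0.7 - - [12/Mar/2019:03:20:00 +0000] "GET /robots.txt HTTP/1.1" 200 68\n')
    tampered_still_ok = verify(rec)
    return intact, tampered_still_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The second `verify` failing is the point: once a hash is recorded at collection, any later edit to the copy, accidental or otherwise, is caught, and the untouched original plus the custody record are what you would hand to law enforcement if the incident is escalated.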