A great piece of software to take Screen Shots is Greenshot.A great note keeping App that teams can use to coordinate is OneNote.The reader should quickly understand what they’re looking at Examples: Highlights, Boxes, Arrows Text.Notes should be accompanied by screenshots that tell a story.Understand your own thinking later… or after sleep.This is for team mates to understand your thinking.Keep solid notes on your thinking around evidence and data that you find.SANS Course: “ FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response“.SANS Course: “ SEC503: Intrusion Detection In-Depth“.Book: “ The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference“.Book: “ Practical Packet Analysis, 3E: Using Wireshark to Solve Real-World Network Problems“.Book: “ Mastering TShark Network Forensics: Moving From Zero to Hero“.Basic Wireshark Skills ( Brad’s MTA Wireshark Tutorials).How data reduction aids in investigations.How to pivot into and away from PCAP Analysis (how to use findings for quicker analysis).Understand the advantages and goals of PCAP Analysis.
This post assumes you have a DFIR Analyst Station ready to analyze the PCAPs from The Case of the Stolen Szechuan Sauce. Make sure you understand the basic rundown of forensic artifacts. Have you built your DFIR Fort Kickass, yet? How to build a DFIR Analyst Workstation found here. Reading Time: 28 minutes Case 001 PCAP Analysis
0 kommentar(er)
