Incident Response & Forensics
Education Level: Intermediate
6318 - Open Source DFIR Made Easy: The Setup
Wednesday, September 27
1:00 PM - 2:00 PM
A common challenge in the digital forensics and incident response (DFIR) community has been creating a DFIR toolkit that is cheap, simple to set up, scalable and easy to use. This presentation introduces the “CyLR CDQR Forensics–Virtual Machine” (CCF–VM). The CCF–VM was designed as an all-in-one answer to that challenge: a conveniently packaged, easy-to-use platform, designed from the ground up to let teams collect, process and analyze critical forensic artifacts in order to triage and investigate intrusions both large and small. With built-in, commonly used searches and dashboards, the CCF–VM lets an analyst search a single host or many hosts at once, as the analyst or the incident requires.
- Collect data with CyLR and easily process forensic disk images and artifacts with CDQR.
- Use Kibana (as set up in the CCF–VM) for DFIR purposes.
- Set up a CCF–VM DFIR toolkit for each analyst and scale a single CCF–VM to the enterprise.
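The session abstract's central point is that once CyLR has collected artifacts from many hosts and CDQR has processed them, an analyst can search one host or all of them from a single timeline. The script below is an added example for this listing, not code from CyLR, CDQR or the CCF–VM project: it merges per-host supertimelines and runs the two searches an analyst does most in Kibana, a keyword search scoped to a host set and a pivot to everything on every host within a few minutes of a suspicious event. It assumes CDQR writes its supertimeline in plaso's l2tcsv column layout (the `L2T_FIELDS` header) with timestamps normalised to UTC; both are assumptions, and the timeline rows are constructed samples, not case data.

```python
"""Search CDQR-style supertimelines from several hosts at once.

Added example for this session listing; not code from CyLR, CDQR or the
CCF-VM project. Assumes CDQR's supertimeline uses plaso's l2tcsv column
layout (L2T_FIELDS) and UTC timestamps. All rows below are constructed.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# plaso l2tcsv header (assumed to match CDQR's supertimeline CSV output)
L2T_FIELDS = ["date", "time", "timezone", "MACB", "source", "sourcetype",
              "type", "user", "host", "short", "desc", "version",
              "filename", "inode", "notes", "format", "extra"]

# Constructed sample timelines, one per collected host (not real case data).
SAMPLE_TIMELINES = {
    "ws01": r"""date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
01/15/2017,08:02:11,UTC,...B,FILE,NTFS USN change,Creation Time,-,ws01,C:\Users\bob\AppData\Local\Temp\invoice.js,invoice.js Update reason: USN_REASON_FILE_CREATE,2,OS:/cases/ws01/$UsnJrnl,0,-,usnjrnl,-
01/15/2017,08:02:40,UTC,M...,EVT,WinEVTX,Content Modification Time,-,ws01,[4688 / 0x1250] New Process Name: powershell.exe,[4688 / 0x1250] Creator Process Name: wscript.exe New Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,2,OS:/cases/ws01/Security.evtx,0,-,winevtx,-
""",
    "ws02": r"""date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
01/15/2017,08:05:03,UTC,M...,EVT,WinEVTX,Content Modification Time,-,ws02,[4624 / 0x1210] Logon Type: 3 Source Network Address: 10.0.0.11,[4624 / 0x1210] An account was successfully logged on. Logon Type: 3 Account Name: bob Source Network Address: 10.0.0.11,2,OS:/cases/ws02/Security.evtx,0,-,winevtx,-
01/15/2017,08:05:30,UTC,M...,EVT,WinEVTX,Content Modification Time,-,ws02,[4688 / 0x1250] New Process Name: powershell.exe,[4688 / 0x1250] Creator Process Name: wsmprovhost.exe New Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,2,OS:/cases/ws02/Security.evtx,0,-,winevtx,-
""",
    "srv01": r"""date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
01/15/2017,07:00:00,UTC,M...,LOG,Windows Scheduled Task,Last Run Time,-,srv01,Nightly backup task ran,Task: \Nightly backup ran with result 0x0,2,OS:/cases/srv01/Tasks,0,-,-,-
01/15/2017,09:30:12,UTC,M...,REG,Registry Key,Content Modification Time,-,srv01,HKLM\Software\Microsoft\Windows\CurrentVersion\Run,[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] Updater: C:\ProgramData\upd.exe,2,OS:/cases/srv01/SOFTWARE,0,-,winreg,-
""",
}


def parse_l2tcsv(text, default_host):
    """Parse one l2tcsv timeline into event dicts carrying a UTC datetime.

    A wrong header or a non-UTC row raises, so a truncated or differently
    formatted export is rejected instead of silently yielding nothing."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != L2T_FIELDS:
        raise ValueError("not an l2tcsv timeline: unexpected header")
    events = []
    for row in reader:
        if row["timezone"] != "UTC":  # assumption: CDQR normalises to UTC
            raise ValueError(f"unexpected timezone {row['timezone']!r}")
        ts = datetime.strptime(f"{row['date']} {row['time']}",
                               "%m/%d/%Y %H:%M:%S").replace(tzinfo=timezone.utc)
        # Some parsers leave host empty; fall back to the collection label.
        host = row["host"] if row["host"] not in ("", "-") else default_host
        events.append({"ts": ts, "host": host, "source": row["source"],
                       "short": row["short"], "desc": row["desc"],
                       "filename": row["filename"]})
    return events


def build_timeline(timelines):
    """Merge per-host timelines into one list ordered by time, then host."""
    merged = []
    for host, text in timelines.items():
        merged.extend(parse_l2tcsv(text, host))
    merged.sort(key=lambda e: (e["ts"], e["host"]))
    return merged


def search(events, hosts=None, keyword=None, start=None, end=None):
    """Filter the merged timeline the way a Kibana search does: an optional
    host set, a case-insensitive keyword over the message fields, and an
    optional time window. hosts=None means every host at once."""
    kw = keyword.lower() if keyword else None
    hits = []
    for ev in events:
        if hosts is not None and ev["host"] not in hosts:
            continue
        if start is not None and ev["ts"] < start:
            continue
        if end is not None and ev["ts"] > end:
            continue
        text = " ".join((ev["short"], ev["desc"], ev["filename"])).lower()
        if kw and kw not in text:
            continue
        hits.append(ev)
    return hits


def around(events, anchor, seconds):
    """Every event on every host within +/- seconds of an anchor event:
    the pivot used to spot follow-on activity on other hosts."""
    delta = timedelta(seconds=seconds)
    return search(events, start=anchor["ts"] - delta, end=anchor["ts"] + delta)


if __name__ == "__main__":
    tl = build_timeline(SAMPLE_TIMELINES)
    first_ps = search(tl, keyword="powershell")[0]
    for ev in around(tl, first_ps, 300):
        print(ev["ts"].isoformat(), ev["host"], ev["source"], ev["short"])
```

Run as-is, the script finds the first powershell.exe launch across all hosts (on ws01) and then shows what happened on every host within five minutes of it, which surfaces the network logon and second PowerShell launch on ws02 that a single-host search would miss. Against a real CCF–VM the same two questions are Kibana queries over the index CDQR populates; the point of the offline version is that the search logic, not the tooling, is what finds the lateral movement.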