How to respond to a cyber incident?
Digital Forensics and Incident Response for dummies
In the cyber security world, successful attacks happen all the time, with a large impact on the day-to-day operations of organisations. You might think of blue teams trying to monitor for attacks and respond accordingly, or red teams trying to test the security of an environment, but have you ever heard of Digital Forensics and Incident Response (DFIR)? In the DFIR field, a Computer Emergency Response Team (CERT) helps with the forensics and incident response after a cyber-attack has taken place. But how does a CERT find out what a threat actor did to gain access to the network, and when an organisation is down, how do you bring it back online in a safe way?
What you are going to do:
Together with other students, you are hired by an organisation to conduct a forensic investigation. The organisation that hired you was recently hacked by unknown threat actors and can no longer conduct its business.
Your team is responsible for analysing how these threat actors hacked their way into the organisation. The recovery team can then use the findings of this root cause analysis to eradicate the threat actors from the network and get back to business. You will also advise on how to prevent a similar incident in the future.
Northwave provides the material and presentation that will get you up to speed to do this root cause investigation.
What you need:
Note that the workshop includes (free) lunch, and we are trying to make it count as 2 lunch lectures for the reflection & vocational orientation course.