Episode 13-ELK EDR and Sandboxing, Home grown CTF environments, DFIR Automation & Forensics in the cloud, with Jacob Wilson
Description
Episode 13 is another giant episode with a focus on what its like be in the mud working on real life forensic investigations. Jacob and Clint talk about ELK EDR, using Sysmon.
Sandbox Environments: Jacob discusses the creation of a sandbox environment using an ELK stack combined with Sysmon, enabling in-depth malware analysis by capturing and analyzing detailed system activity.
Automation in Investigations: Jacob emphasizes the importance of automating repetitive tasks, such as business email compromise investigations, to streamline processes and improve efficiency.
Pen Testing and Red Teaming: Jacob shares insights into the importance of understanding both offensive (red teaming) and defensive (blue teaming) techniques to better anticipate and mitigate threats.
Practical Learning: Jacob advocates for hands-on experience in digital forensics, highlighting the limitations of theoretical knowledge and the value of real-world application.
Resources Mentioned:
- ELK Stack: Used for creating a detailed sandbox environment for malware analysis. Learn more about ELK Stack here.
- Sysmon: Essential tool for capturing detailed logs on Windows systems. Explore Sysmon here.
- Axiom: A commercial digital forensics tool praised for its comprehensive and reliable results. More about Axiom here.
- Cellebrite: A tool used for mobile device forensics, particularly for logical acquisitions. Discover Cellebrite here.
- Splunk: Utilized for automating the investigation process by analyzing large datasets quickly. More on Splunk here.
Jacob Wilson's LinkedIn: https://www.linkedin.com/in/jacob--wilson/?originalSubdomain=au
United States
