Introduction to Digital Forensics and Incident Response | TryHackMe DFIR
Author: Motasem Hamdan
Uploaded: 2022-12-25
Views: 10685
🚀 Cyber Security Certification Notes
https://shop.motasem-notes.net/collec...
🚀OR Certification Notes with Cheat Sheets
https://buymeacoffee.com/notescatalog...
💡Cyber Security Notes | Membership Access
https://buymeacoffee.com/notescatalog...
🔥Download FREE Cyber Security 101 Study Notes
https://buymeacoffee.com/notescatalog...
****
This video provides an introduction to DFIR (Digital Forensics and Incident Response) and covers its definition, process, key concepts, tools, and a practical example of investigating a security breach. The video also walks through the TryHackMe DFIR room.
*************
Receive Cyber Security Field Notes and Special Training Videos
/ @motasemhamdan
*******
Writeup
https://buymeacoffee.com/notescatalog...
TryHackMe DFIR
https://tryhackme.com/room/introducto...
****
Store
https://buymeacoffee.com/notescatalog...
Patreon
/ motasemhamdan
LinkedIn
[1]: / motasem-hamdan-7673289b
[2]: / motasem-eldad-ha-bb42481b2
Instagram
/ motasem.hamdan.official
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6ai...
Twitter
/ manmotasem
Facebook
/ motasemhamdantty
******
00:00 - Introduction to DFIR
00:04 - What is DFIR?
00:13 - DFIR Breakdown: Digital Forensics & Incident Response
00:24 - Definition of DFIR
00:40 - Digital Forensics vs. Incident Response
01:02 - Example: Windows Machine Communicating with C2 Server
01:36 - Understanding C2 Servers
02:11 - How Threat Intelligence Identifies C2 Servers
02:49 - Steps in DFIR Process
03:21 - DFIR for Different Devices: Computers, Phones, Medical Devices
03:42 - Difference Between Digital Forensics & Incident Response
04:02 - Example of Incident Response Workflow
04:55 - Collecting Evidence for DFIR
06:09 - Artifacts: Understanding Digital Evidence
07:05 - Preservation of Evidence and Hashing
08:01 - Chain of Custody in DFIR
08:46 - Order of Volatility in Evidence Collection
09:27 - Priority of Evidence: RAM vs. Disk
10:02 - Timeline Creation in Incident Response
10:32 - Documenting the DFIR Process
11:14 - Tools Used in DFIR
11:21 - Eric Zimmerman’s Forensic Tools
11:47 - Autopsy and Windows Forensic Analysis
12:12 - Volatility Framework for Memory Forensics
12:39 - Redline and FireEye Tools
12:49 - Velociraptor for Endpoint Monitoring
13:03 - Steps in Incident Response
13:15 - SANS vs. NIST Incident Response Frameworks
13:36 - Overview of the NIST SP 800-61 Guidelines
14:06 - Incident Preparation Phase
14:48 - Identification and Detection of Incidents
15:28 - Containment Phase in Incident Response
16:02 - Isolating a Compromised Machine
16:30 - Eradication: Cleaning a Machine from Malware
16:48 - Recovery Phase: Restoring System State
17:23 - Lessons Learned and Post-Incident Activity
17:49 - Practical Incident Response Example
18:13 - Creating a Timeline of an Attack
18:44 - Identifying Malicious Alerts in SIEM
19:07 - Detecting Cobalt Strike Download Attempt
19:29 - Filtering Network Traffic for Malicious IPs
19:50 - SSH Brute Force Attack Discovery
20:38 - Identifying Failed and Successful Login Attempts
21:20 - Analyzing System Logs for Malicious Activity
22:00 - Conclusion and Final Thoughts