Building an IR toolkit for new program

 rfra
(@rfra)

Hi all,

I'm in a corporate info sec role and one area that I'm developing is our incident response program. I've worked in IT and security for a long time but have had limited exposure to forensics, so it's an area I'm learning about and wanted to get some feedback from the pros on some initial tool selections.

I'm building a toolkit upon which our IR program will be based. Currently I'm leaning toward using F-Response consultant w/covert for imaging, X-Ways for image forensics, and IDA Pro for deeper analysis.

The goal is to evaluate suspect systems, scope malware infections, and assist with internal e-discovery requests.

Most analysis will be done by me (I need to do some training as well), but I have other responsibilities so forensics is only a portion of my job, so we'll contract with an IR firm for assistance with any significant breaches or advanced malware analysis. I'm really just focusing on initial triage needs.

Any feedback on my thoughts about tool selection based on my goals and background, or forensics issues I'm overlooking?

TIA


   