Digital Forensic guides or advice for beginner

6 Posts
4 Users
0 Reactions
1,690 Views
(@thenewbie)
New Member
Joined: 4 years ago
Posts: 3
Topic starter  

Hi everyone,

I am a newbie here in the digital forensic world. Recently during my internship, I was thrown a case to investigate by myself, and I do not have any help or guidance from my team. I actually did a lot of googling, and the results were overwhelming; I still do not know how I should approach the case.

Hope you seniors can point me in some direction where I can get some good-quality reading material, or even guidance, for me to do some self-learning.

 

Really appreciate the help here.


(@Anonymous 6593)
Guest
Joined: 16 years ago
Posts: 1158
 

You might start by describing what questions you are supposed to find answers to.


CheeseString
(@cheesestring)
Active Member
Joined: 5 years ago
Posts: 10
 
Posted by: @athulin

You might start by describing what questions you are supposed to find answers to.

Yep, different types of investigations require different approaches. You wouldn't investigate IP theft the same way as child abuse imagery.

You need to be more specific regarding your case.

 


(@thenewbie)
New Member
Joined: 4 years ago
Posts: 3
Topic starter  

Thanks for the feedback. I am supposed to examine the Windows event logs (i.e. the PowerShell evt and the Security evt). The investigation was more about gathering information on lateral movement onto other systems.


(@mister4n6)
Active Member
Joined: 5 years ago
Posts: 12
 

Hi - having a lot of data can be overwhelming, that's okay. It's overwhelming for all of us.

Find a place to put all the raw or normalized data (Excel?) and sort it by time. Of course you have a time frame you are working with, right?

Add, say, MAX 60 mins before and MAX 60 mins after (MAX: it could be 15 min or 60 min or more; do what feels right for your own case and your knowledge of the estate).

What is your and your team's end goal here? Knowing this, you can then break your work up accordingly.

For lateral movement?

Sort all the evt logs, highlight/colour-code what's normal, what's bad, what's weird, and start piecing together recon, entry point, delivery, exploit, lateral movement.

Would https://attack.mitre.org/tactics/TA0008/ help?

Hope my ramblings help a little.

 


(@thenewbie)
New Member
Joined: 4 years ago
Posts: 3
Topic starter  

Thank you so much for your help. To me right now, every piece of advice, every tip or trick helps. I will take a look at the link as well.

😀

