FF: Tell us a bit about your background and your role as a Threat Researcher at Security Joes.
My journey in cybersecurity began in 2018 in the Israel Defense Force and progressed through roles that deepened my expertise in networking, server management, and digital forensics. Since 2023, I’ve been part of Security Joes’ global Managed Detection and Response (MDR) and Incident Response (IR) team. Our team operates 24x7x365, providing expert remote responses to complex attacks worldwide. My role involves analyzing security events, developing DFIR tools, and contributing to our robust incident response capabilities.
FF: You’ve just released a new DFIR tool, MasterParser v2.0. What does the tool do and how will it benefit members of the digital forensics community?
Developed during an actual incident response at Security Joes, MasterParser v2.0 addresses the specific needs encountered in the forensic analysis phase. It automates the examination of Linux log files, enhancing the efficiency and effectiveness of the digital forensics’ community in handling security incidents. The tool’s generated summary presents this information in a clear and concise format, enhancing efficiency and accessibility for Incident Responders.
FF: Tell us about some of the other tools you have developed.
Like MasterParser, ForensicMiner was created out of a direct need observed during incident responses within Security Joes. This PowerShell-based automation tool is tailored for rapid artifact and evidence collection from Windows systems, streamlining the forensic process for our remote MDR and IR operations. Compatible with Flacon Crowdstrike RTR and Palo Alto Cortex XDR Live Terminal, along with its swift performance and user-friendly interface, ForensicMiner is an indispensable asset for investigators navigating the complexities of evidence recollection and analysis.
FF: What are some of the challenges of developing DFIR tools?
A significant challenge we face is adapting DFIR tools for effective remote incident response and Managed Detection and Response (MDR), which are crucial in today’s landscape of complex cyber-attacks. Our expertise lies in remote IR and MDR, emphasizing the need for tools that support these functions seamlessly and efficiently.
FF: What would you most like to see changed or improved in the field of digital forensics?
The advancement of automatic investigation tools is crucial for staying ahead of the ever-evolving landscape of modern cyber threats. I believe there’s a need for more sophisticated automatic investigation tools that can provide concise “What Happened” reports. These tools have the potential to expedite response times and enable manual investigators to focus on more critical aspects of an incident, allowing them to specialize and investigate what truly matters while leaving repetitive tasks to automation. This process is essential for fostering individual expertise and facilitating the growth of cybersecurity teams, ultimately enabling us to offer robust Managed Detection and Response (MDR) and Incident Response (IR) services, much like what we provide at Security Joes.
FF: What do you enjoy outside of digital forensics?
Beyond my professional life, I’m passionate about jiu-jitsu, where I’ve achieved a black belt, and I’m deeply involved in bodybuilding. My commitment to fitness is part of my dedication to overall health and well-being.
FF: Where can people go for further information about MasterParser, ForensicMiner and Security Joes?
MasterParser GitHub Link –Â https://github.com/securityjoes/MasterParser
ForensicMiner GitHub Link –Â https://github.com/securityjoes/ForensicMiner
Eilay’s Linkedin –Â https://www.linkedin.com/in/eilay-yosfan-80b1011b8/
Security Joes Linkedin – https://www.linkedin.com/company/security-joes/mycompany/
Security Joes Web –Â https://www.securityjoes.com/