Insights from hundreds of incident response investigations reveal that focusing on the most relevant forensic data accelerates investigations more than collecting everything. The talk covers tracking lateral movement through event logs, identifying backdoors, and leveraging lesser-known artifacts like MPLogs and bitmap cache to work more efficiently during security incidents.