08-11, 10:30–11:30 (US/Pacific), Project Obsidian: Kill Chain Track (0x42)
IR analysis in two parts; Part I: Know Yourself, Know Your Logs, Part II: MSTICPY and Velociraptor Collection & Offline Analysis.
This Kill Chain IR analysis session includes two modules.
Part I: Know Yourself, Know Your Logs: How to establish some baselines with the logs that you have to support incident response.
Part II: MSTICPY and Velociraptor Offline Collection Analysis: Offline analysis using code. How to set up your questions and make your analysis process repeatable with Jupyter notebooks and msticpy.
BlueTeam DFIR helping people to grow