
Episode 2 - NIST SP 800-61 Computer Security Incident Handling Guide (Preparation)
05/17/24 • 27 min
In this episode Clint Marsden talks about the first phase of computer security incident handling according to NIST. Listen to real-world examples of how to get prepared before a cyber security incident arrives.
Show notes:
Link to NIST SP 800-61 PDF
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Bro has been renamed to Zeek. https://zeek.org/
RITA (Real Intelligence Threat Analytics) was created by Active Countermeasures.
Available from https://github.com/activecm/rita
Previous Episode

Episode 1 - Digital forensics trends and preparations, learning from real life case studies & DFIR training for getting started
In this first episode we kick off with Clint Marsden, the host of Traffic Light Protocol (TLP), who talks about what it's like to work in DFIR, how to get started with cyber training, what to expect in future episodes, and of course a light touch on AI forensics!
Join us for the first episode. The next episodes cover NIST SP 800-61, breaking down Preparation, Detection, Eradication and Recovery.
Highlights:
Current trends and best practices in digital forensics, emphasising the importance of preparation, experience across different domains, and the challenges of acquiring artifacts. Clint highlights the need for a wide breadth of experience, stresses the importance of continuous learning, and emphasises the need for a broad range of tools and methods.
Finally, we also discuss various methods for learning cyber security without spending money, including exploring free resources and leveraging AI.
Next Episode

Episode 3 - NIST SP 800-61 Computer Security Incident Handling Guide (Detection)
In this 45-minute episode Clint covers a lot of ground based on the Detection phase of NIST SP 800-61:
Attack vectors for digital security incidents, including insider threats and weaponised USBs.
Cyber security incident response and detection, including NIST guidelines and Sysmon logging augmentation.
The importance of following temporal linearity in forensic investigations, expanding analysis to 5-10 minutes prior to and after events, particularly in internet history and memory dumps.
Building a baseline of activity through network pcaps and log analysis.
Why synchronised clocks are important.
How detailed notes help in your investigations.
TLP - The Digital Forensics Podcast - Episode 2 - NIST SP 800-61 Computer Security Incident Handling Guide (Preparation)
Transcript
Hi, and welcome to TLP, Traffic Light Protocol, the Digital Forensics Podcast. As we discussed in the first episode, I touched briefly on the NIST Incident Response Lifecycle. If you're not familiar with the NIST Incident Response Lifecycle, let me just give you a quick background.
So NIST is the National Institute for Standards and Technology based in the United States. They do some incredible work and provide some