ð Incident Investigation
ð Investigation Methodology
Basically, all of the artefacts that are listed in the Investigation section fall under the category “user activity” one way or another. Even if some process spawned some other process, somewhere in the past the user interaction was still required. That’s why I find it so hard to find the perfect categorization. I’ve decided to devote this section to common strategies of how one would investigate user activity and which artefacts they would use at what point in time.
ðģ Evidence Collection And Preservation
This section is under question. Probably need to sort all between different artefacts. Hard to use currently.
ð Artefacts DB
ðķïļ Anti-Forensics
ðĐŧ Data Recovery
In order to detect and response to incidents in a short time, there are playbooks which are basically guidelines. Some IR frameworks have these included in order to ease the process.
ð OSINT Techniques
This all about searching for the information publicly available.
ð Interesting Observations
I will be collecting some random stuff I’ve noticed about people’s usage of IT systems.