Posts by Dr. Brian Carrier
- Sandboxing Malicious Files: Recorded Future Triage Integration
- 3.6 Release – Processes, OS Accounts, and Indicator Exports
- Analyzing KAPE DFIR Artifacts in Cyber Triage
- 3.5 Release – Merging artifacts, viewing source files, and anomalous logons
- ResponderCon 2022 Ransomware Videos (Batch 1)
- Cyber Triage Lite – Identifying OS Configuration
- Cyber Triage Lite – Identifying Malware
- Cyber Triage Lite – Analyzing User Activity
- Cyber Triage Lite – Network, Disk Image, and Memory Inputs
- Cyber Triage Lite – Intro and USB-based Collection
- Cyber Triage 3.1.0: Artifact Searching and OS Settings
- General Purpose vs Specialized Digital Forensics Tools
- Cyber Triage 3.0.2: Ransomware & Encrypted Database Detection
- Cyber Triage on Azure: DFIR in the Cloud
- Cyber Triage on Google Cloud: DFIR in the Cloud
- Cyber Triage on AWS: DFIR in the Cloud
- Cyber Triage 3.0 Is Out!
- Cyber Triage Gives Back to Autopsy
- Cyber Triage 2.14.4 – Detect Exchange WebShells
- Our 100% Unbiased 4:cast Awards Nominations
- Cyber Triage 2.14.3 Upload DFIR Artifacts to S3 Using Temporary Credentials
- Cyber Triage 2.14.2 Adds Features Based on SolarWinds Orion Incident
- How to Get Your Data & Services Back Online: Ransomware Recovery 2021
- How to Beat Ransomware in 2021: Key Questions that Make or Break Your Response
- Cyber Triage 2.14: Upload Your DFIR Artifacts to S3
- Cyber Triage 2.13.1: Feedback-Driven Upgrades (See, We Listen!)
- Cyber Triage 2.13: Offline Malware Scanning Now Available
- How to Execute During Incident Response: OODA for DFIR 2020
- Cyber Triage 2.12: Online File Reputation Service is Released
- How to Make Data-Based Decisions During Incident Response: OODA for DFIR 2020
- How to Orient During the Incident Response Process: OODA for DFIR 2020
- How to Observe During the Incident Response Process: OODA for DFIR 2020
- Version 2.11 Features: Investigation History, Timeline Filtering, and More!
- How to Use OODA Loop in Your Incident Response Process in 2020
- Cyber Triage 2.10 Features: Visualization, Exporting, and More
- How to Detect System Configuration Changes – Intro to Incident Response Triage (Part 9) in 2019
- How to Detect Malware Remnants – Intro to Incident Response Triage (Part 8) in 2019
- How to Detect Running Malware – Intro to Incident Response Triage (Part 7)
- Incident Response Recommendation Engine: “You may like this process based on your interest in this file”
- Intro to Incident Response Triage (Part 6) in 2019: Malware Persistence
- Intro to Incident Response Triage (Part 5) in 2019: User Activity
- How to Investigate User Logins – Intro to Incident Response Triage (Part 4) in 2019
- Collect Arbitrary Files Any Time During Incident Response
- Intro to Incident Response Triage (Part 3) in 2019: User Enumeration
- How to Speed Up Incident Response in 2019: Faster Scoping
- Queue Incident Response Collections to Triage and Prioritize
- How to Speed Up Incident Response in 2019: Faster Analysis (Part 2)
- Finding Intrusion Evidence in the Same Folder
- How to Speed Up Incident Response in 2019: Analyze Faster (Part 1)
- How to Speed Up Incident Response in 2019: Faster Artifact Collection
- How to Speed Up Incident Response in 2019: Start the Investigation Faster
- Incident Response KPIs: SPEED Is Critical. Here Are Five Reasons Why.
- Collect Faster by Collecting Less
- ReversingLabs Integration Improves Malware Scanning
- Use of PsExec That Doesn’t Reveal Password Hashes
- It’s About Time(lines)!
- Volatility integration in Cyber Triage to Analyze Memory
- Search For Advanced Malware In Cyber Triage Using Yara Rules
- Integrate with Splunk for Faster Alert Triage
- Phantom Integration Allows for Faster Responses
- More Changes To Make Your Response Faster
- Analytics Make User Account Investigations Easier
- Intro to IR Triage (Part 2): Analysis Categories
- Intro to IR Triage (Part 1): Buyer’s Guide
- Get Free Incident Response Software
- Cyber Triage Has a New Look
- Exposing More Data to Save Time
- Finding Suspicious Program Activity
- Dig Deeper: Find More IOCs and Fast Flux Domains
- Automating Incident Response: Setting the Stage
- Maturing towards Team-Based Incident Response
- Make Better Use of IDS Alerts for Incident Response
- Can DIY Incident Response Scale?
- Tailoring the Triage Process for Better Results
- Prioritizing Endpoints Helps to Focus Incident Response
- Understanding Your Client’s “Normal”
- Can Security Infrastructure Work for Fly-Away Incident Responders?
- Reducing Response Time with Whitelisting
- Maximizing Your Non-Persistent Agent’s Effectiveness
- Do You Need Persistent Agents to Fight Persistent Threats?
- What is in your CSIRT First Responder’s Jump Kit?
- Cyber Triage: Act Faster!
- Is Cybersecurity Legislation for the Private Sector on the Horizon?
- Data Breach Incident Detection, What Now?