DFIR Demystified: Understanding Digital Forensics Incident Response
While not needed for every event and every investigation, DFIR (Digital Forensic Incident Response) is an essential component of the modern security toolkit...
Jim Hung has over 12 years experience in Digital Forensics and Incident Response, including primary involvement and testimony in a number of high profile cases, and is a resourceful and practical problem solver responsible for numerous engagement-defining bespoke analytical solutions. These include the development of robust and verifiable analysis methodologies using scripting, databases, and reverse engineering. A proactive and capable team-leader able to manage both on-site response and lab-based analysis teams, Jim is a subject-matter expert in a number of fields, including Mobile Device Forensics and Web Application Analysis.
John is the head of research for the IBM Security X-Force where he focuses on understanding adversary operations, developing threat detection methodologies, and advancing X-Force service offerings. In recent years, John has focused his efforts on researching ransomware adversary operations and developing adversary simulation data to help drive improvements in the areas of incident response and threat hunting. Prior to joining X-Force John was a defensive cyber operations researcher helping the U.S. Army and U.S. Air Force improve incident response operations. John has spoken at multiple events including the SANS Threat Hunting Summits, ISC2 Security Congress, and Fulbright Commission Cybersecurity Exchange on threat hunting and ransomware operations.
While not needed for every event and every investigation, DFIR (Digital Forensic Incident Response) is an essential component of the modern security toolkit...
The challenge with threat hunting is the fidelity of the detections. How does a threat analyst have trust in the tools they use–and of course, if they don’t trust them, then how long does it take them to verify manually?