How to Screw Up Your Incident Response Investigation in 10 Steps or Less

Explore common pitfalls in incident response investigations through this conference talk from ShowMeCon 2019. Learn about the importance of having a well-designed incident response plan and discover the top 10 mistakes organizations make during investigations. Gain insights into critical aspects such as evidence preservation, regulatory compliance, and threat intelligence integration. Understand the significance of a holistic approach that goes beyond IT-centric methods and the value of designating first responders. Delve into specific challenges like dealing with compromised incident indicators and ransomware attacks. Benefit from the speaker's background and experience as you examine real-world statistics on data breaches and average detection times.

Intro
Vadons background
How many companies have been breached
The average length of time before someone realizes theyve been breached
The number of companies that dont have an incident response plan
Have a plan
Top 10 Mistakes
IT centric approach
Failure to designate first responders
Failure to preserve evidence
RAM
Questions
Incident indicators are compromised
Ransomware
Regulatory Compliance
Threat Intelligence Integration
Finding ancillary data