Beginning DFIR - How to Get Started with Cooties

Explore the fundamentals of Digital Forensics and Incident Response (DFIR) in this conference talk from Circle City Con 2019. Learn about the purpose of DFIR, address imposter syndrome, and discover open-source tools for practical application. Gain hands-on experience with demonstrations using Sift Workstation, including disk mounting, file extraction, and remote access techniques. Understand the importance of maintaining composure during investigations, managing local logs, and communicating effectively with stakeholders. Delve into proactive measures, such as creating PSA emails, and navigate ethical considerations in HR and law enforcement contexts. Perfect for beginners looking to start their journey in DFIR and enhance their investigative skills.

Intro
What is DFIR
The point of DFIR
What is impostor syndrome
Open Source
Practice vs Practical
REM
Demos
Sift Workstation
Mount Win
Sift
Walkthrough
Local Disk
Extract File
Remote Access
Easy Viewer
Stay Calm
Local Logs
How to keep them from freaking out
How to be proactive
PSA emails
What you dont have
Stickers
HR Ethics
Union Case
Local Law Enforcement