Tips to prep for digital forensics on Windows networks

Know what data you need to collect and how you will collect it before a security incident occurs on your Windows network.


The phone rings. You answer it and the rattled voice on the other end says, “We think there has been a breach.” What is your first thought about what to do?

A recent joint advisory issued by Australia, Canada, New Zealand, the United Kingdom and the United States highlights technical approaches to uncovering malicious activity and includes best-practice mitigation steps. The advisory’s goal is to help organizations improve incident response. That starts with the collection of relevant data: event logs, browser history files, evidence of listening ports, historical dates of when file folders and files were created, and so on.

I’d take a step back and make sure logging is set up properly before an incident occurs. Install Sysmon on all relevant systems so that its event logs let you identify malicious or anomalous activity and understand how intruders and malware operate on your network. Then forward those logs to your SIEM (security information and event management) system.
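A readiness check for the Sysmon step above, added here as an example and not taken from the article or the advisory: it confirms the Sysmon service is present and running, summarises the last 24 hours of Sysmon events by event ID so you can see which rule categories are actually firing, and reports how close the log is to wrapping. It assumes the default Sysmon service name and log channel and that the installer (sysmon64.exe) is on the path.

```powershell
# Added readiness check (not from the article): verify Sysmon is installed and
# producing events on this host before an incident forces the question.
# Assumes the default service name and log channel; adjust if you renamed
# the driver/service when installing.

$ServiceName = 'Sysmon64'   # 'Sysmon' on 32-bit installs or if renamed
$LogName     = 'Microsoft-Windows-Sysmon/Operational'
$Since       = (Get-Date).AddHours(-24)

$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "Sysmon service '$ServiceName' not found. Install it, e.g.:"
    Write-Warning '  sysmon64.exe -accepteula -i sysmonconfig.xml'
    exit 1
}
if ($svc.Status -ne 'Running') {
    Write-Warning "Sysmon service present but status is '$($svc.Status)'."
}

# Pull the last 24 hours of Sysmon events; an empty log means the config
# is not matching anything (or the channel is unreadable), which you want
# to know now rather than during an investigation.
try {
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $Since } -ErrorAction Stop
} catch {
    Write-Warning "No Sysmon events in the last 24h: $($_.Exception.Message)"
    exit 1
}

# Event IDs a responder relies on most; counts of zero here are a red flag.
$Meaning = @{ 1 = 'Process create'; 3 = 'Network connection'; 11 = 'File create'
              13 = 'Registry value set'; 22 = 'DNS query' }

$events | Group-Object Id | Sort-Object { [int]$_.Name } | ForEach-Object {
    [pscustomobject]@{
        EventId = [int]$_.Name
        Meaning = $Meaning[[int]$_.Name]
        Count   = $_.Count
    }
} | Format-Table -AutoSize

# If the channel is small it will wrap before the SIEM collector catches up,
# and the earliest evidence is the first to disappear.
$log = Get-WinEvent -ListLog $LogName
"Log size: {0:N0} MB of {1:N0} MB maximum" -f ($log.FileSize / 1MB), ($log.MaximumSizeInBytes / 1MB)
```

Run it on a sample of hosts after deploying a new Sysmon configuration, and compare the per-ID counts against what the SIEM has received from the same hosts to catch forwarding gaps.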

Back up infected systems

