If you conduct digital forensics for incident response internally, what DFIR tools are you using?

Threat Intelligence & Incident Response Threat & Vulnerability Management

3.8k views3 Comments

Sort by:

Chief Technology Officer in Media2 years ago

For internal digital forensics in incident response, widely used tools include EnCase, Sleuth Kit, and Autopsy. These tools facilitate thorough analysis of digital evidence, aiding in identifying, mitigating, and learning from security incidents.

CIO in Education2 years ago

I would say it mainly depends on your industry and the scale you need to apply it to. If you are mid-range why pay for a solution, no matter how advanced and robust it may be, while your threat levels are mid-low? In any case, my proposition would be BINALYZE AIR. So far, I have not faced any inconvenience with it.

Chief Information Security Officer in Finance (non-banking)2 years ago

Encase

Content you might like

Does your AI security approach include intent-based API monitoring?

Yes33%

No – we have intent-based API monitoring but don’t use it for AI security 58%

We don’t use intent-based API monitoring8%

Other/unsure

View Results

Have you evaluated or implemented any deepfake detection tools?

Yes – currently evaluating tools21%

Yes – currently preparing to implement42%

We’ve evaluated tools but decided not to implement

Not yet – waiting to see if others find them effective 38%

No – not interested

View Results

What are you currently using to monitor APIs for anomalies in transaction logic?

Any examples you can share of effective use cases for threat intelligence beyond cybersecurity? Have you had success applying threat intelligence beyond IT/cybersecurity to increase its ROI or better justify that investment?

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?