Incident Management
Day in the Life

Digital forensics is a part of any incident response and yields crucial information during the investigation and analysis phases. If you're a new incident responder or only curious about the field, you might be interested in this detailed account of the first 72 hours of a real incident investigation. You'll get a close look at a multi-phased approach using the Splunk platform, Fox-IT Dissect, and Carbon Black EDR. Then, come back to this page to learn about specific incidents and how forensics can be applied.
- Creating a timebound picture of network activity: Obtain a complete picture of what data is written to your indexes, through what sources, and by what devices.
- Investigating a ransomware attack: Use Splunk software to investigate a ransomware attack by attempting to reconstruct the events that led to the system being infected.
- Investigating unusual file system queries: Investigate unusual file system queries with a process you can run in Splunk software.
- Responding to incidents with the Splunk platform and Fox-IT's Dissect: This war story, written by Fox-IT, shows how Splunk's integration can be used with Fox-IT's Dissect in the process of resolving complex and fast-evolving incidents.