From the course: Cybersecurity Foundations: Incident Response
Windows: Triaging tools and techniques
- [Instructor] Ever feel overwhelmed by the number of security tools out there? There are thousands, and you're not alone. In this video, I'll walk you through the seven core techniques every incident responder should master and the seven tools that should be in every responder's toolkit. Let's start with techniques. First, log analysis and timeline reconstruction. Being able to stitch together events from logs like Windows Event logs, Sysmon, firewall logs or proxy logs helps you retrace the attacker's steps. Two, memory analysis. Many threats live only in memory. That includes credential theft, LSASS dumps and injected processes that never touch disk. You can't respond to what you can't see. Memory forensics lets you spot what file-based tools miss. Three, root cause analysis. To reduce risk, you need to understand how the attacker got in. If you don't fix the entry point, the door stays open for the next attacker.…
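The first technique above, stitching events from Windows Event logs, Sysmon and a firewall into one timeline, is easiest to see in code. The following is an added example, not part of the course or its exercise files. It uses a handful of constructed log lines (not real incident data) in assumed, simplified export formats: a pipe-separated Security log export, a comma-separated Sysmon export, and a firewall log written in local time, which the example assumes is UTC-05:00. Every timestamp is normalized to UTC before sorting, because mixed time zones are the most common reason a hand-built timeline tells the wrong story. A small correlation helper then looks for the logon, process-create, outbound-connection sequence that a responder would want to retrace.

```python
"""Merge heterogeneous Windows-side logs into one UTC-ordered timeline (added example)."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample records. Each source has its own timestamp format and
# field layout, which is exactly what makes manual correlation error-prone.
SECURITY_LOG = [
    # Assumed export format: "time|EventID|message" (timestamps already UTC)
    "2024-03-10 09:14:02|4624|An account was successfully logged on. "
    "Account: svc_backup LogonType: 10 Source: 10.0.0.45",
]
SYSMON_LOG = [
    # Assumed export format: "UtcTime, EventID, Image, CommandLine" (Sysmon Event ID 1)
    "2024-03-10 09:15:30.112, 1, C:\\Windows\\System32\\rundll32.exe, "
    "rundll32.exe C:\\Users\\Public\\x.dll,Start",
]
FIREWALL_LOG = [
    # Assumed format, local time (UTC-05:00 in this constructed example)
    "03/10/2024 04:16:01 ALLOW TCP 10.0.0.45 -> 203.0.113.7:443",
]

FW_RE = re.compile(r"^(\S+ \S+) (ALLOW|DROP) (\w+) (\S+) -> (\S+)$")


def parse_security(line):
    ts, event_id, msg = line.split("|", 2)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc),
        "source": "security",
        "event_id": int(event_id),
        "summary": msg.strip(),
    }


def parse_sysmon(line):
    # maxsplit=3 keeps commas inside the command line intact
    ts, event_id, image, cmdline = [p.strip() for p in line.split(",", 3)]
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc),
        "source": "sysmon",
        "event_id": int(event_id),
        "summary": f"process create {image} :: {cmdline}",
    }


def parse_firewall(line, local_offset_hours):
    m = FW_RE.match(line)
    if not m:
        raise ValueError(f"unparsed firewall line: {line!r}")
    local = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
    tz = timezone(timedelta(hours=local_offset_hours))
    ts = local.replace(tzinfo=tz).astimezone(timezone.utc)  # normalize to UTC
    return {
        "ts": ts,
        "source": "firewall",
        "event_id": None,
        "summary": f"{m.group(2)} {m.group(3)} {m.group(4)} -> {m.group(5)}",
    }


def build_timeline(security, sysmon, firewall, firewall_offset_hours):
    """Parse all three sources and return one list ordered by UTC timestamp."""
    events = [parse_security(l) for l in security]
    events += [parse_sysmon(l) for l in sysmon]
    events += [parse_firewall(l, firewall_offset_hours) for l in firewall]
    return sorted(events, key=lambda e: e["ts"])


def find_logon_exec_egress(timeline, window=timedelta(minutes=5)):
    """Return (logon, process, egress) triples where each step follows the
    previous one within `window`: a 4624 logon, then a Sysmon process create,
    then an allowed outbound connection. Used to retrace an intrusion path."""
    chains = []
    for logon in timeline:
        if logon["source"] != "security" or logon["event_id"] != 4624:
            continue
        for proc in timeline:
            if proc["source"] != "sysmon" or proc["event_id"] != 1:
                continue
            if not (logon["ts"] < proc["ts"] <= logon["ts"] + window):
                continue
            for egress in timeline:
                if egress["source"] != "firewall":
                    continue
                if proc["ts"] < egress["ts"] <= proc["ts"] + window:
                    chains.append((logon, proc, egress))
    return chains


def render(timeline):
    """Human-readable lines, one per event, in timeline order."""
    return [f"{e['ts'].isoformat()} [{e['source']}] {e['summary']}" for e in timeline]


if __name__ == "__main__":
    tl = build_timeline(SECURITY_LOG, SYSMON_LOG, FIREWALL_LOG, firewall_offset_hours=-5)
    print("\n".join(render(tl)))
    for logon, proc, egress in find_logon_exec_egress(tl):
        print("chain:", logon["summary"], "->", proc["summary"], "->", egress["summary"])
```

Run as a script to print the merged timeline and any detected chain. The firewall entry reads 04:16 local but lands last in the timeline at 09:16 UTC; without the offset it would appear to precede the logon by five hours and the sequence would be invisible. In practice the per-source parsers are the part you replace with your real export formats, while the normalize-then-sort-then-correlate shape stays the same.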