The other DFIR: Deeper Functionality for Investigators with R
CVSS.csv
DFIR-SecureWorld2017.pdf
HIBPwned.R
LICENSE
README.md
TwitterSentiment-DFIR.R
eventID-sequences.csv
fft.R
sunburstR-EventID.R

“To competently perform rectifying security service, two critical incident response elements are necessary: information & organization.” ~ Robert E. Davis

Deeper Functionality for Investigators with R

  • Incident responders and investigators need all the help they can get
  • What concepts & methods further enable handlers & investigators as they continue to strive for faster detection and containment?
  • Data science & visualization sure can’t hurt
  • How can we be more creative to achieve “deeper functionality”?

DFIR Redefined Scenarios

  • Have you been pwned?
  • Visualization for malicious Windows Event ID sequences
  • How do your potential attackers feel, or can you identify an attacker via sentiment analysis?
  • Fast Frugal Trees (decision trees) for prioritizing criticality

Presentation will be posted soon