In this brief discussion, John will touch on baseline practices to maximize effective digital forensics response to cyber incidents. Topics will include establishing roles and responsibilities in response teams, evidence containment best practices, endpoint image acquisition (logical vs physical, cloud + production vs deadbox), forensic tools and lab equipment needs, payload entry vector discovery through file signature and timeline analysis, and file security options for evidence storage and disclosure of findings.
Presented by:
John Bradley, Manager, Digital Forensics & Investigations, City of Toronto