Presentation at DFIR

This framework was first introduced at DFRWS EU 2014 (the first DFRWS conference in Europe), held in Amsterdam in May, and was later presented at Hacks in Taiwan 2014 (HITCON), a high-tech security conference held in Taiwan in August.

In July 2015, VXRL's Kelvin and Alan were invited to present the Investigation and Intelligence Framework research at the SANS Digital Forensics & Incident Response (DFIR) Summit.

Digital forensics investigators face new challenges every day because of the large variety of high-tech cybercrimes reported, for instance APT, hacking, ransomware and DDoS. During an investigation, investigators often concentrate too much on the evidence itself, such as reversing malware to understand its detailed behavior or analyzing packets for credential leakage, and seldom draw out, or have difficulty drawing out, the whole picture of the incident by correlating the seized or acquired evidence for intelligence purposes. All relevant data from seized media should be utilized and analyzed, then transformed into intelligence to build a profile of the potential suspect with the corresponding attributes.

The presentation is available on YouTube.



Alan Ho

OSCP, SANS GWAPT certified cybersecurity professional. Head of Operations, VXRL.