Cyber security breaches continue to rise and the need for organizations to understand the scope and root cause of breaches has never been more important. During and after a cyber security breach organizations must understand the impact to their business, the tactics and techniques used to carry out the breach, and types of controls that can be put into place to prevent the breach in the future.
Forensics techniques are used to uncover what data was exfiltrated or damaged in a breach as well as determine how the attacker compromised the network. More importantly, forensics can help determine if the attacker still has a presence or means of persistence in the compromised network.
7 Best Computer Forensics Tools – https://resources.infosecinstitute.com/7-best-computer-forensics-tools/
Open-Source DFIR Made Easy: the Setup – SANS Digital Forensics & Incident Response Summit 2017 – https://www.youtube.com/watch?v=f5B4bngftP8