Keith Tyler
74 followers
Information Security Warrior
Keith's posts
Microsoft's Accidental Enterprise DFIR Tool
SCCM can be a goldmine when hunting for evil; all you need to do is enable some inventory collections, send them to Splunk and get creative. While the data is a snapshot in time (usually the last 24 hours), it can also be a great first start when dealing with ...
Automating Forensic Artifact Collection with Splunk and GRR
Recently I had the need for GRR to collect forensic artifacts when a Splunk alert was triggered. The point of this is to collect the forensics data when an incident ticket is generated, to save IR staff time and eliminate redundant tasks. Example ...
DFIR with Windows Logging Service (WLS)
WLS is a logging service built with forensics and incident response in mind. The best way to explain what WLS is is to show an example. Here is what you get from a process creation event from Windows: 2014 Nov 21 21:39:28 10.10.10.10 WINTETST.domain.com MSWinEve...
Awesome!!