Russ McRee, Group Program Manager of the Blue Team for Core Operating Systems & Intelligent Edge (COSINE)

DFIR Redefined: Deeper Functionality for Investigators

Those of us who operate within the constructs of digital forensics and incident response understand the nuances of the related acronym (DFIR) intimately. This presentation offers a slightly different take on DFIR, using statistical computing and graphic visualization. Forensics and incident response both suffer from, and can benefit from, the data explosion. As a result, modern DFIR programs are obligated to embrace and attempt to master security data science. Doing so effectively can lead to vastly improved visualization and behavioral analysis. We'll discuss such opportunities and provide an overview of some basic tools, tactics and procedures to get you started.

Bio:

Russ McRee is Group Program Manager of the Blue Team for Core Operating Systems & Intelligent Edge (COSINE), part of the Cloud and AI (C+AI) organization. He writes toolsmith, a monthly column for information security practitioners, and has written for other publications including Information Security, (IN)SECURE, SysAdmin, and Linux Magazine.

Russ has spoken at events such as DEFCON, Derby Con, BlueHat, Black Hat, SANSFIRE, RSA, and B-Sides, and is a SANS Internet Storm Center handler. He serves as a joint forces operator and planner on behalf of Washington Military Department’s cyber and emergency management missions. Russ advocates for a holistic approach to the practice of information assurance as represented by holisticinfosec.io.
