Day 2

From large scale data collection to timelining events.

Theme: Core of Tech
Session complexity:
Time: 15:00 - 15:50

In recent years, Fox-IT has observed a significant evolution in the field of Incident Response (IR). With the scale of incidents increasing, our engagements now frequently involve managing not just a few systems but handling over a thousand. This increase in scale has necessitated refining our approach to seamlessly integrate diverse data sources, manage a multitude of system types, and develop a more sophisticated method for efficient data processing.

Have you ever requested log data, only to receive it in slightly different formats? Or processed over 1,000 hosts, ensuring that each source for every single host is handled correctly? Perhaps you’ve found yourself tracking down adversaries across multiple systems and still timelining this using good-ol’ Excel? Yes, this is what we are talking about.

In this presentation, we will discuss how Fox-IT has tackled these challenges and share our current IR methodology. We will provide insight into our process, offering a peek under the hood. Learn how we automate data collection and prepare forensic material, all while enjoying a game of foosball. We’ll also discuss our ongoing efforts to refine and improve our current solution, because no solution is ever 100% finished.

Speakers in this session

Paul Möller
Lars Behrens