Free Resources for Incident Response Professionals

To help make your tough job a bit easier.

Lateral Movement Analyst Reference

Learn to detect lateral movement within your environment.

Lateral Movement Analysis (pdf)

Event Log Analyst Reference

Windows Event Logs store an increasingly rich set of data.  This reference walks you through configuring, storing and analyzing Windows events.

Event Log Analyst Reference (pdf)

Memory Analysis with Volatility Analyst Reference

The battle for our boxes is increasingly being fought in RAM.  Learn to use Volatility to hunt for evil on your systems.

Memory Analysis with Volatility (pdf)

Default Windows Processes Quick Reference

Quick reference on the normal system processes of a Windows system, including each executable's path on disk, the usual process tree, and a description of each process. Useful during memory analysis and system triage.

Default Windows Processes Quick Reference (pdf)

The Light Side of the Force: PowerShell for Incident Response

High-profile tools like Empire and Death Star harness PowerShell for offensive purposes. This presentation examines ways that IT security professionals can leverage PowerShell to protect their assets.

Light Side of the Force (pdf)

Pivot and Pillage: Lateral Movement within a Victim Network

Modern attackers are like ninjas, stealthily skulking in the shadows, using existing tools to blend in with everyday network activity.  This presentation accompanies our Lateral Movement Analysis Analyst Reference PDF to highlight ways to detect and defeat these hidden adversaries.

Pivot and Pillage Presentation (pdf)

BYOD or Bring Your Own Destruction

Bring Your Own Device is a paradigm that allows employees to access critical data from almost anywhere using devices that cost the employer nothing. Or do they? We'll take a look at many of the challenges and assumptions that have gone into BYOD policies, or lack thereof, and take a moment to evaluate how reasonable our rush to embrace this approach has been. We'll consider technical challenges such as vulnerability management, mobile device management platforms, and mobile device forensic challenges and look at what countermeasures we can employ to acknowledge and address the reality of this model. 

BYOD Presentation (pdf)

Contact Us

Inquiries and Requests

Forward Defense

Email: info@forwarddefense.com

Phone: +971 2 676 7676

Address: 51st Floor, Addax Tower

City of Lights

Al Reem Island

Abu Dhabi, UAE