Reviewing DFIR data is often like searching the internet in the 90s. You are shown piles of unorganized data and you need to make sense of it. DFIR needs the equivalent of Google PageRank to prioritize what is shown first. Autopsy now has relevance scoring built into it as a first step towards prioritization. Any module can now assign relevance scores to files and artifacts. Those intermediate scores are used to determine the item's final score. Modules are now like a panel of judges who give their opinions on artifacts. The scores allow users to focus first on the most relevant items and ignore the less relevant ones. In this talk, we'll look at new scoring infrastructure and interfaces, which is based on several years of doing this in Cyber Triage. We'll define concepts behind the scoring process, how users see the scores, and how to make modules that apply scores. We'll also talk about future plans to expand the scoring and prioritization concepts.View upcoming Summits:
Download the presentation slides (SANS account required) at
#DFIR #DigitalForensics #Artifacts #DigitalArtifacts
Музыка
Фильмы
ТВ Шоу
Категории видео
