Tryhackme - DFIR: An Introduction


In this walkthrough, we will be going through the DFIR: An Introduction room from Tryhackme. This room covers an introduction to DFIR, some basic concepts used in the DFIR field, the Incident Response processes used in the industry, and some of the tools used for DFIR. So, let’s get started.

DFIR: An Introduction

Task 1 – Introduction


Task 2 – The need for DFIR

Question 1 – What does DFIR stand for?

Digital Forensics and Incident Response

Question 2 – DFIR requires expertise in two fields. One of the fields is Digital Forensics. What is the other field?

Incident Response


Task 3 – Basic concepts of DFIR

Question 1 – Complete the timeline creation exercise in the attached static site. What is the flag that you get after completion?

Screenshots from the exercise (not reproduced here): SIEM dashboard, alert log, checking syslog for the malicious IP, checking syslog for the malicious file, and the THM flag.

THM{DFIR_REPORT_DONE}


Task 4 – DFIR Tools


Task 5 – The Incident Response process

Question 1 – At what stage of the IR process are disrupted services brought back online as they were before the incident?

Recovery

Question 2 – At what stage of the IR process is the threat evicted from the network after performing the forensic analysis?

Eradication

Question 3 – What is the NIST-equivalent of the step called “Lessons learned” in the SANS process?

Post-Incident Activity


Task 6 – Conclusion


So this was the “DFIR: An Introduction” room. We covered the basics of the Digital Forensics and Incident Response methodology, went through some of the tools that are actively used in the industry, and completed a series of tasks to test the theory learned throughout the room. This was an introductory room, but keep learning about the field on your own. I will also be covering more Blue Team material in the future, but until then, “Keep learning”.
