Northwave workshop: How to respond to a cyber incident?

Digital Forensics and Incident Response for dummies

In the cyber security world, successful attacks happen all the time, with a large impact on the day-to-day operations of organisations. You might think of blue teams monitoring for attacks and responding accordingly, or red teams testing the security of an environment, but have you ever heard of Digital Forensics and Incident Response (DFIR)? In the DFIR field, a Computer Emergency Response Team (CERT) helps with the forensics and incident response after a cyber-attack has taken place. But how does a CERT find out what a threat actor did to gain access to the network, and how do you bring an organisation back online in a safe way?

What you are going to do:
Together with other students, you are hired by an organisation to conduct a forensic investigation. The organisation that hired you was recently hacked by an unknown threat actor and can no longer conduct its business.

Your team is responsible for analysing how the threat actor hacked their way into the organisation. The recovery team can use the findings of this root cause analysis to eradicate the threat actor from the network and get back to business. You will also advise on how to prevent a similar incident in the future. Northwave provides the material and presentation that will get you up to speed to do this root cause investigation.

What you need:
• A laptop with a browser and internet access
• Teamwork with other students
• Very basic knowledge of Windows is recommended
• A strong interest in hunting for traces of threat actors, finding Indicators of Compromise and reporting on them

Who, what, where, when...

Committee for Lectures and Excursions
Northwave workshop: How to respond to a cyber incident?
Wednesday 17 May 2023 from 16:00 until 20:00