Successful DFIR From Preparation and Monitoring


Ransomware investigations rely on finding evidence of what the attackers did. You need log files, network and endpoint data. You need data from when the attack started, as it progressed, and up to the current state of the network. Without it, you’ll have gaps in your understanding of the attack.

In this talk, we are going to provide an overview of technologies that a company should have to ensure an effective response. We’ll look at stages of a ransomware attack and what kinds of tools can help to ensure data is retained and later analyzed.