by Dr. Olivier Cros, Cyber Incident Responder @ Airbus Protect on 2022-07-27

Digital Forensics & Incident Response: why do firemen always come too late?

Why is time management so important in Digital Forensics & Incident Response? 
Digital Forensics and Incident Response (DFIR) is a very specific domain of cybersecurity where time is the enemy. Each minute or hour lost during the crisis can either let the incident escalate or cost you another set of logs, lost to short retention and log rotation. Of course, analysis takes time, but companies often let days, weeks, sometimes even months pass between the initial detection of an incident and the DFIR team's intervention.
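One practical consequence of the point about retention and rotation, as an added example that is not part of the original article: before the DFIR team arrives, measure how far back the event logs on the affected host still reach and how full they are, so you know how long you have before evidence is overwritten. The script below is an illustration for a Windows host such as a Domain Controller; the list of logs is an example chosen here, and the commands must be run with administrator rights on the host being checked.

```powershell
# Added example (not from the original article): measure how much time the
# Windows event logs on a host still cover before the oldest records roll off,
# so the responder knows how urgent collection is.
# Assumptions: run with administrator rights on the host being checked (a
# Domain Controller in the article's scenario); $LogNames is an example list.

$LogNames = @('Security', 'System', 'Application',
              'Microsoft-Windows-PowerShell/Operational')

function Get-LogRetentionWindow {
    param([string[]]$Names)

    foreach ($name in $Names) {
        # Log configuration: maximum size, behaviour when full, current size and record count.
        $cfg = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
        if (-not $cfg) { continue }

        # The oldest surviving record tells us how far back evidence still reaches.
        $oldest = Get-WinEvent -LogName $name -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
        $oldestTime  = $null
        $coveredDays = $null
        if ($oldest) {
            $oldestTime  = $oldest.TimeCreated
            $coveredDays = [math]::Round(((Get-Date) - $oldestTime).TotalDays, 1)
        }

        # How close the log is to its ceiling; a Circular log at 100 % is already
        # overwriting its oldest events with every new one.
        $fillPercent = $null
        if ($cfg.MaximumSizeInBytes -gt 0) {
            $fillPercent = [math]::Round(100 * $cfg.FileSize / $cfg.MaximumSizeInBytes, 0)
        }

        [pscustomobject]@{
            Log          = $name
            Mode         = $cfg.LogMode        # Circular = oldest events overwritten when full
            MaxSizeMB    = [math]::Round($cfg.MaximumSizeInBytes / 1MB, 0)
            FillPercent  = $fillPercent
            Records      = $cfg.RecordCount
            OldestRecord = $oldestTime
            CoveredDays  = $coveredDays
        }
    }
}

Get-LogRetentionWindow -Names $LogNames | Format-Table -AutoSize
```

If the output shows a Circular log close to 100 % fill, or a Security log that only covers a few days, export it immediately (for example with `wevtutil epl Security <destination>.evtx`) rather than waiting for the investigation to start; the same logic applies to proxy, VPN and EDR retention, which usually cannot be queried this easily.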

This article intends to give basic advice on how to speed up the beginning of an investigation, between the first detection and the start of the analysis.
First step – Confirm the incident
Usually, discovering a Russian-language popup on a Domain Controller in the middle of the night is bad news. Especially outside working hours or during weekends, context switching will cost you time, not to mention recovering from the fright and surprise. We call it the “stupefaction phase”. As soon as the incident is confirmed, the goal is not to lose too much time trying to over-characterise it. Keep in mind that, at this point, it is more important to start the DFIR process as soon as possible than to gather more information on what is precisely happening. After all, it is the DFIR team's role to bring you a diagnosis of what is happening and help you [...]



The NIS 2 Directive – your questions answered

Charlotte Graire, Senior Manager of Business Growth, answers the 5 Ws around the EU’s incoming NIS 2 Directive. A new European cyber security regulation is arriving soon. The second iteration of the Directive on Security of Network and Information Systems (NIS 2) is designed to strengthen Member States’ cyber security capabilities and reduce fragmentation at […]


Digital Twins in companies

Contribute to the assessment of the environmental performance of companies using digital twins for simulation and decision making. What are the challenges of adopting the taxonomy of sustainable activities at EU level? Taxonomy at EU level On April 21, 2021, the European Commission adopted a set of measures aimed at better directing capital flows towards […]


Deceptive security: how to catch more flies with honeypots

From governments to industrial manufacturers, organisations across all sectors are experiencing an unprecedented level of cyber-attacks, intrusion attempts and malware. To stay one step ahead, it’s crucial for cyber security leaders to gain a deep understanding of attackers’ tactics, equipment and methods, without compromising the confidentiality, integrity and availability of their organisation’s systems. Increasingly, honeypots […]


Satellite cyber security is more important than ever – here’s why

Orbiting miles above us, satellites play a crucial role in ensuring life on Earth runs smoothly. Navigation systems, TV broadcasts, weather and climate monitoring, military communications and IoT devices all rely on satellites. And our dependence on them is increasing each day. Consider the recent launch of Elon Musk’s Starlink internet system, which uses satellites […]


The golden age of ransomware: what you should know

So far this year, 68.5% of all cyber-attacks worldwide have been ransomware-related, an all-time high. The popularity of ransomware has been rising steeply since 2018. It is no surprise, then, that many have dubbed this the golden age of ransomware. With over 300 million ransomware attacks occurring annually, it is not a question of if your organisation will face […]


Think twice before implementing encryption

As we have seen before[*], encryption is a means of protection rather than a security objective. Armed with that knowledge, we have clearly defined who should have access to our data and who should not. Is encryption a good solution, then? Security attributes are often summed up as three, sometimes four, basic properties that we may need to […]
