#DFIR Automation Series

I use 4 levels of automation ranging from none to fully automated.

I think an ideal solution is to use full automation for low risk decisions. And recommendations for higher risk.

We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.

New Forensic Resource

What to do after you find TeamViewer:
→ Log files to find activity details
→ Executables to find installation times
→ Domains to find download source

Learn how to corroborate timelines to investigate suspicious TeamViewer.

www.cybertriage.com/blog/dfir-ne...

AI+LLMs in Digital Investigation Webinar

Join @carrier4n6.bsky.social and Sid Probstein as they discuss practical uses of AI and LLMs in digital investigations. Come learn from people who thought about these things for years before ChatGPT.

Aug 28 @ 11 AM

attendee.gotowebinar.com/register/243...

Digital forensics has always relied on automation and "push buttons". What's changed is how many things we automate and the technologies used.

No one ever chose to manually parse FAT12 floppy drives with a hex editor when they could have a tool list out the file names.

Adding automation to your #DFIR investigations means you have less decisions to make. Get rid of the tedious work! Focus on the fun stuff!

Here are my three thoughts on the most effective ways to add automation and which tools do them.

What are yours?

www.cybertriage.com/blog/3-ways-...