19. Digital Forensics and Incident Response (DFIR)
DFIR investigates breaches to reconstruct attack timelines and preserve evidence for legal proceedings. This mind map covers the complete forensic investigation workflow.
Topics Covered
- Evidence acquisition and preservation
- Chain of custody
- Disk forensics: Autopsy, FTK
- Memory forensics: Volatility
- Network forensics and PCAP
- Timeline analysis and correlation
- Windows Event Logs and Sysmon
- Malware artefact analysis
- Forensic reporting