Threat investigation quick reference chart

When conducting a threat investigation, I have a quick reference chart that I keep stored between my ears. The problem is that location isn’t helpful to those I work with or assist. I put together a documented quick reference with my common go-to tools based on the SANS PICERL approach.

In case you are interested, here is what I normally think about when investigating an incident or actor. Hope it helps!

Threat investigation.PDF

MD5: 88d869978eae6cd5946e5484f4ec0256

VirusTotal scan:
