Applying the Critical Security Controls to a DFIR Lab Network
The SANS Institute has published a new white paper by Scott Perry. Here is its abstract:
Digital Forensics and Incident Response (DFIR) teams in the United States need to expand their capabilities to meet the continually growing data size and complexity of emerging cases. An effective solution is to provide investigators remote access to forensic networks hosted in a secure, accredited lab. Remote access allows greater access and flexibility while providing expandable and capable networks, but comes at the cost of increased vulnerability. This paper will apply the Critical Security Controls (v6) to a DFIR network operating with remote access.