Brad Garnett is the team leader in the Cisco Security Incident Response Services division. He works with organizations around the world. Brad writes about the power of logging in incident response.
PowerShell logging, Sysmon, an EDR solution such as Cisco AMP for Endpoints, and a memory forensics. This multi-layered approach allows for detection and response.
If you want to increase your ability to respond to incidents, you can contact Bred and his team.
DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.
