Know Your Enemy – Detection and Response with Offensive Digital Forensics
Special Guest: Tim Medin – Principal Consultant and Owner, Red Siege
In this episode, we are joined by Tim Medin, SANS Institute instructor and owner of Red Siege Information Security, to discuss the importance of “knowing your enemy” in the world of forensics.
Today’s examiners not only need to know how attackers got into the system, but also how to prepare for a potential attack and to work on the offensive side of digital forensics rather than only the defensive side.
While both sides are incredibly important and offer protection against those who try to break in, steal, and commit crimes, the offensive side tends to be overlooked.
Luckily, there are multiple offensive tools available on the market today that allow us to better understand things like what an attacker can access over the network, which artifacts are left behind, and what detections can be obtained. But Tim stresses, “protection is not 100%…we also need detection and the response capabilities.”
Tim also explains the difference between commonly used terms for different teams in this realm:
Red Team – The offensive side, which identifies problems and tests the defenses and security maintained by the defenders (the Blue Team)
Blue Team – The defenders, sometimes known as operations
Purple Team – Exists to locate and audit the mistakes of the other two teams
Listen to the episode to learn more about offensive digital forensics, tools available to smooth out the process, and to hear the entire Q&A session with Tim Medin.