In this part 2, we'll walk you through the step-by-step process of setting up and conducting a Digital Forensics and Incident Response (DFIR) investigation using a virtual machine (VM). We’ll cover everything from configuring the VM to ensure it’s completely isolated to tackling the challenges of USB passthrough with a write blocker. You'll also learn about the risks of using public threat intelligence platforms like VirusTotal and discover alternative methods for secure file analysis. Our goal is to share practical experiences and lessons learned from our investigation, offering useful insights and tips for anyone new to the field or looking to refine their DFIR skills. Whether you're a seasoned pro or just starting out, this article provides a clear and detailed look at best practices and important considerations in digital forensics and incident response. Setting Up the Virtual...
Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 2)
read more
