Microsoft Detection and Response Team (DART) AMA
Event Ended
Tuesday, Mar 15, 2022, 09:00 AM PDT
We are very excited to announce our Microsoft Detection and Response Team (DART) AMA!
About DART: Our job is to respond to compromises and help our customers become cyber-resilient. This is al...
Trevor_Rusher
Updated Feb 16, 2022
Chad_Munkelt
Mar 15, 2022
Copper Contributor
For someone who is trying to build out their internal DFIR capabilities, what are a few key areas you would recommend they focus on? What are your thoughts on live triage vs traditional forensics (disk images etc.)?
Jamesmoe
Microsoft
Mar 15, 2022
Identity is the mechanism by which most attacks execute on their objectives. They may get in several different ways; however, the real question is how did they privilege escalate from a normal user to a privileged user? So making sure you are implementing identity detections is key to stitching together the various artifacts into a true attack timeline.