Just a reminder, if you are dealing with a security incident you really can't rush it. IR can take time. If you rush, you'll get it wrong.

Everyone gets stressed but good management is needed to ensure it's a methodological process. This is the difference between win/lose here.
As one of my heroes said, and I often repeat:

"If you are moving too fast to keep detailed IR notes, you are moving too fast"

The more you rush the more mistakes will happen. This is not a sign of missing skill, it's basically a law of physics.
This isn't saying go slow and bill by the hour. It's saying be aware that things take time. Immature organisations will scream for fast action, but that's just panic. It will often be a rush to mess up & spend longer un-messing things.
Tl;dr: a steady, methodological approach is the ONLY sensible way to do DFIR. Don't panic-rush things.
You can follow @tazwake.