A Digital Forensics and Incident Response (DFIR) exercise is an exercise in which the training audience investigates a cyber-attack that has already happened. The DFIR exercise is constructed especially for technical specialists, IT managers, and security managers to learn how to identify different indicators of compromise and to conduct incident management and incident response.
A DFIR exercise is a great tool for organizations to test and evaluate their capability to conduct incident response within the organization or in collaboration with their service provider.
Total of 10 participants
Two work days
For the DFIR exercise, JYVSECTEC’s Red Team experts create a realistic attacker campaign. The attacker campaign includes all the different phases of an attack:
Command and control
Action based on objectives
The DFIR scenario
The scenario used in the exercise involves a financial company, NorthernBank, which provides banking services for Retail & Commerce companies and consumer customers. In the scenario, the bank suspects that a potential breach has occurred, which needs to be investigated by the trainees. Participants have a wide variety of tools at their disposal and operate as members of an Incident Response Team created by the bank. Members have access to the bank's IT infrastructure and services.
Example roles for participants
Log / Security