During an incident, things happen so fast that it is hard to keep track. While there are many roles on an incident response team, the most labor-intensive, in the author's opinion, has to be the Incident Recorder. Being able to track an incident is also important if that incident has any legal ramifications. As forensic investigators know, creating a timeline and capturing relevant information is essential if you later need to go back and report details. This is why I have created the first of many programs, called Incident Recorder. The presentation will cover the commonly perceived steps in an incident and how this open source tool can be used to help with each of them. It will be a short slide presentation followed by a demonstration of an automation tool for security incident recorders. The tool is still being developed, but it is publicly available now in beta on GitHub. Part of the presentation will also be a call for feature requests to guide further development objectives. Incident Recorder will be the first stand-alone module in a larger incident response automation project.
Kenneth Ray has been working in security for close to 2 decades and in IT in general for close to 4 decades. He is jovial, humble, intelligent, straightforward, and unreserved. He has held many positions and accomplished multiple goals in both the IT and information security fields. He holds the GCFE Gold, Security+, A+, and Network+ certifications. He has real-world experience in red/blue/purple team operational security and incident response, SIEM engineering and operations, and a plethora of other buzzwords related to InfoSec and IT.