Incident Response documents and tooling
Hi All,
Since there are so many amazing people creating incredible DFIR tools, I thought I’d focus on the thing everyone hates: DOCUMENTATION. I will be updating Incident Response documents and procedures to help you get those pesky reports done and take notes quickly and efficiently. I always appreciate any feedback.
Current Documents:
Incident_Evidence_Timeline.xlsx == Template for creating your own timeline along with tracking IOCs
TEMPLATE_Final Report == Don’t know where to start with your report? Use this template to have some solid headers and ideas
TEMPLATE_InvestigationNotes == This is where you list out your notes while investigating. If you fill this out, you will have 90% of your report written
TEMPLATE_Scoping == Pregenerated questions to ask while trying to figure out what this incident is about. TIP: Have one person ask and another write the answers
Check the latest Releases for the most updated version!
If you want a more in-depth walkthrough on how to use these templates, start here on my blog!
Twitter: @CyberCoat
Mastodon: ChocolateCoat