The time it takes to get from an initial escalation to the initial discovery of compromise is a key metric. Teams strive to do this as quickly as possible, but there are a number of challenges. You do not know what you're going to be handed, but you're pretty much guaranteed it's going to be a unique set of circumstances that requires a customized, or mostly customized, response. So how do you accomplish this? Most analysts rely on a set of tried-and-true techniques that can be used at scale. This week I'm going to cover a few of them, each being a critical technique you should be familiar with for forensic investigations...