hack.lu

DFIRTrack - The Incident Response Tracking Application
10-19, 10:00–12:00 (Europe/Luxembourg), Vianden&Wiltz

DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open source web application focused on handling major incidents with many affected systems. This workshop will show you how to use DFIRTrack in an efficient way using the various features.


Are you an Incident Responder working on large (customer) security incidents? Are you tired of maintaining huge spreadsheets (aka Spreadsheet of DOOM)? Do you have to manually create customer system or artifact reports? Then DFIRTrack may be just what you are looking for...

In this workshop we will show you how to install, configure and use DFIRTrack. We will cover the following features in detail:
- Installation ( manually and using docker or ansible)
- Configuration and customization
- Overview of the main entities (systems, artifacts, tasks, ...)
- Import, export and manipulation capabilities
- Automation through scheduled tasks and workflows
- Roadmap, feedback and feature discussion

Most things will be done through hands-on examples. A notebook is required, ideally with a working Docker setup.

Digital Forensics analyst for more than 9 years, Incident Response consultant for more than 7 years, Remediation avoider since forever, initial creator of DFIRTrack and Awesome Event IDs.

Lionne has 7+ years of experience in the IT security sector. He has been working as an Incident Response Analyst for about 3 years and is a DFIRtrack contributor.