Anomaly Detection & Threat Hunting with Anomalize, (Sat, Jun 16th)

When, in October and November's posts, I redefined DFIR under the premise of Deeper Functionality for Investigators in R, I discovered a "tip of the iceberg" scenario. To that end, I'd like to revisit the concept with an additional discovery and opportunity. In reality, this is a case of DFIR (Deeper Functionality for Investigators in R) practiced within the original and paramount DFIR (Digital Forensics/Incident Response): the R tooling serves the forensic and response work, not the other way around.

Article Link: https://isc.sans.edu/diary/rss/23772