cyber revision

Defensive

Forensics & Incident Response

The incident response lifecycle, evidence handling, disk, memory and network forensics, log analysis.

  1. The incident response lifecycle (~5 min read)
     How organisations prepare for and handle security incidents: the classic phases, the modern NIST CSF-aligned model, and the team and plans behind them.
  2. Digital forensics (~4 min read)
     Evidence handling, chain of custody, the order of volatility, and disk, memory and network forensics.
  3. Security operations: SOC, SIEM and the blue team (~4 min read)
     How defenders monitor at scale: the SOC, SIEM and SOAR, detection engineering, threat hunting, and the colour-coded teams.