TryHackMe IR Philosophy and Ethics Walkthrough
a.infosecflavour
Posted on May 17, 2024
Hello!
TryHackMe launched another eye-catching and food for thought type of room: IR Philosophy and Ethics.. It summarizes in a captivating and interactive way the process, ethics, duties and dilemmas in Digital Forensics and Incident Response (DFIR).
Different scenarios and case studies illustrate potential challenges faced by DFIR Teams.
With that being said, let's find out some of the answers!
Task 2- DFIR Recap
During containment, what must be done to compromised systems to prevent more damage?
The answer can be found just right here:
An adversary's entry point to an organisation can be identified as?
And the answer can be taken from here...
What key action must be taken during recovery?
So far so good! 💥
Task 3- Ethics in DFIR
As a DFIR analyst, one must avoid any bias. What principle would you be embodying?
And I know this from here...
Creating a map of the data handling journey during evidence preservation is establishing a what?
I guess it's here! 😉
What does providing regular updates to stakeholders ensure?
No words needed to say...
How are you feeling now? 🌞
Task 4- Duties to DFIR Teams
Which duty involves building and maintaining trust with stakeholders during a cyber breach investigation?
Is that so? 😸
To ensure transparency, DFIR teams have a duty to?
For the next question, the answer lies in this extremely interesting case study: Ethics for Incident Response and Security Teams - Case Studies which I really recommend you to read it, independently of the task!
Based on the duty to inform case study, what should be considered when deciding whether to investigate a breach? (Answer1 vs Answer2)
Here the answer can be tricky and I will not hide the fact that initially I really thought that the answer is in the form of noun vs noun, aspect fortified by the two-lettered second word! Fortunately, the answer was still easy to be retrieved:
Based on the duty to responsible collection case section, what should be set in advance to prevent excessive data collection?
In this question, we are thrown back in the walkthrough.
Last but not least...
Under which duty would teams ensure to operate within the bounds of the law and organisational policies?
The answer is authorized here:
Task 5- Face the Dilemmas
I'm also facing a dilemma right now, since I think it would be more beneficial for you to actually go through this nice, useful game, than posting the answer!
It's really easy to discover the answers and I believe in you that you'll find the flag!
Before bye-bye
Thank you for your interest in this subject and in the article. If you want to find out more, I'll leave you here other 3 resources:
Let me know your thoughts! 😉
Posted on May 17, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.