DFIR providers all over the world right now are facing the same demand: deliver services faster, cheaper, and better. That's an immense challenge when we're faced with a severe skills shortage, increasingly vast client data sets, and a daunting array of manual tasks and processes.
So, what's the solution? By incorporating techniques from DevOps (automation pipelines, microservices), IaC (infrastructure as code), and wrapping everything within intuitive GUIs, we can build environments that facilitate incredibly fast forensic triage and generate timely findings even when faced with terabytes of inbound data.
Throughout my talk I will walk you through how we've designed this ""Forensics as a Service"" model, discuss the core technical design principles, the challenges and lessons learned, and end with some recommendations on how the DFIR community can take this model forward with an open-source and collaborative spirit."