BSides London 2021

Forensics as a Service: Building automated, scaleable, and accessible analysis environments

- GMT
Track 1

For the last four years, James has been helping cyber security teams innovate and reach their full potential by building infrastructure and crafting technical playbooks that get them delivering findings faster, cheaper, and better.

 

He has a BA in English Literature and History, and a varied career covering many aspects of Cyber and IT. You can now often find him talking to people about DevOps, and his favourite word at the moment is "scalability".


<Not Recorded>
DFIR providers all over the world right now are facing the same demand: deliver services faster, cheaper, and better. That's an immense challenge when we're faced with a severe skills shortage, increasingly vast client data sets, and a daunting array of manual tasks and processes.

So, what's the solution? By incorporating techniques from DevOps (automation pipelines, microservices), IaC (infrastructure as code), and wrapping everything within intuitive GUIs, we can build environments that facilitate incredibly fast forensic triage and generate timely findings even when faced with terabytes of inbound data.

Throughout my talk I will walk you through how we've designed this "Forensics as a Service" model, discuss the core technical design principles, the challenges and lessons learned, and end with some recommendations on how the DFIR community can take this model forward with an open-source and collaborative spirit.