Python Forensics & DFIR Automation

Objectives

• Script the parsing of evidence and IOCs • Automate network analysis • Build a triage collector • Industrialise a DFIR pipeline

Module bricks

• BRQ-DEF-051 — Evidence parsing in Python (2 lab(s))
• BRQ-DEF-052 — Scripted network analysis (DSHELL) (1 lab(s))
• BRQ-DEF-053 — Automated DFIR triage in Python (1 lab(s))
• BRQ-DEF-054 — IOC detection & enrichment (YARA) (2 lab(s))
• BRQ-DEF-055 — Forensics at scale (Python pipeline) (2 lab(s))