Investigative Forensic Workflow-based Case Study for Vectra and Cyphort

Investigative Forensic Workflow-based Case Study for Vectra and Cyphort (PDF, 4.85MB)

Published: 18 Dec, 2015
Created by
Jennifer Mellone

This paper addresses real-world enterprise Vectra and Cyphort detections and walks through a detailed forensic workflow case study resulting in conclusive findings. Even though the workflow is based on the Vectra and Cyphort commercial detection platforms, this workflow is applicable to security events generated by other commercial or free products. Vectra performs behavioral analysis to detect malicious activities on the network. Cyphort performs malware detection. Upon notification of Vectra and Cyphort events, the security analyst must drill into the events with respect to the target host to find out if it was the victim of a malicious attack. This requires an investigative workflow using forensic tools and Internet research. Free forensic tools are primarily used for the analysis, but commercial products Bit9 and Carbon Black are also used to corroborate evidence. The workflow is the same whether the findings are confirmed to be true or false positives.