Book Review: Effective Threat Investigation for SOC Analysts

I recently had an opportunity to review the book, Effective Threat Investigation for SOC Analysts, by Mostafa Yahia.

Before I start off with my review of this book, I wanted to share a little bit about my background and perspective. I started my grown-up “career” in 1989 after completing college. I had a “technical” (at the time) role in the military, as a Communications Officer. After earning an MSEE degree, I left active duty and started consulting in the private sector…this is to say that I did not stay with government work. I started off by leading teams conducting vulnerability assessments, and then, over 22 years ago, moved over to DFIR work exclusively. Since then, I’ve done FTE and consulting work, I ran a SOC, and I’ve written 9 books of my own, all on the topic of digital forensic analysis of Windows systems. Hopefully, this will give you some idea of my “aperture”.
My primary focus during my review of Mostafa’s book was on parts 1, 2, and 4, as, based on my experience, I am more familiar with the material covered in part 2. My review covers about 7 of the 15 listed chapters, not because I didn’t read the others, but because I wanted to focus on the areas where I could best contribute.
That being said, this book serves as a good introduction to the materials and general information for those looking to transition to being a SOC analyst, or for newly-minted SOC analysts, quite literally in their first month or so. The book addresses some of the data sources that a SOC

[…]

This article has been indexed from Windows Incident Response
