THM Corp has been hit by a significant cyber breach in which sensitive company and customer data has been compromised. The breach threatens the existence of the company. Security teams, including incident responders, jump in to try to contain the breach, facing various dilemmas around protecting privacy rights, working out who the adversaries are and restoring the organization’s trustworthiness. They also need to ensure that stakeholders and the general public are kept from panicking by staying in control of the narrative of the breach.
This is one scenario that countless DFIR teams face worldwide while conducting their investigations. Navigating challenging security dilemmas takes a combination of philosophy, ethical considerations and technical expertise.
This room has been written using scenarios to be a crucible where we can face some of these dilemmas head-on, gain situational awareness and challenge ourselves to make the right and ethical decisions during forensic investigations.
The TryHackMe “IR Philosophy and Ethics” room delves into the ethical side of Incident Response (IR). It presents real-world scenarios that test your decision-making in situations where ethics clash with technical needs. You’ll learn to prioritize actions, consider user privacy, and navigate complex choices that arise during a cyberattack. While not a technical deep dive, this room is a valuable training ground for security professionals to develop strong ethical judgment for effective IR.
Answers for this room:
Task 1:
1. DFIR Philosophy, Ethics and Dilemmas! Here we go!
Ans: No Answer needed
Task 2:
2. During containment, what must be done to compromised systems to prevent more damage?
Ans: isolate and quarantine
3. An adversary’s entry point to an organisation can be identified as?
Ans: ground zero
4. What key action must be taken during recovery?
Ans: patch vulnerabilities
Task 3:
5. As a DFIR analyst, one must avoid any bias. What principle would you be embodying?
Ans: Objectivity
6. Creating a map of the data handling journey during evidence preservation is establishing a what?
Ans: Chain of Custody
7. What does providing regular updates to stakeholders ensure?
Ans: Transparency
Task 4:
8. Which duty involves building and maintaining trust with stakeholders during a cyber breach investigation?
Ans: Trustworthiness
9. To ensure transparency, DFIR teams have a duty to?
Ans: Inform
10. Based on the duty to inform case study, what should be considered when deciding whether to investigate a breach? (Answer1 vs Answer2)
Ans: risk vs embarrassment
11. Based on the duty to responsible collection case section, what should be set in advance to prevent excessive data collection?
Ans: clear policies and procedures
12. Under which duty would teams ensure to operate within the bounds of the law and organisational policies?
Ans: Authorisation
Task 5:
13. What is the flag?
Ans: THM{Face_Your_DFIR_Ethical_Dilemmas}
Task 6:
14. Continue on to IR Difficulties and Challenges!
Ans: No Answer needed
I look forward to seeing you again soon
Stay Connected – Audit Mania