I've talked a lot in this blog about employing event categories when developing and, in particular, when analyzing timelines, and the fact is that we can use these categories for much more than just adding analysis functionality to our timelines. In fact, using artifact and event categories can greatly enhance our overall analysis capabilities. This is something that Corey Harrell and I have spent a great deal of time discussing.

Link: Journey Into Incident Response
