Brian Carrier
carrier4n6.bsky.social
Automation is when the tool does the next step for you.

That doesn't mean it does the final step and concludes the investigation. Just a bunch of the needed steps in between. Automation still requires an investigator who asks the right questions and can understand context.
August 13, 2025 at 3:18 PM
I put things like hash lookups to known malware, Yara, Sigma, other types of rules, AI, etc. that assess an item's relevance as being automated analysis.

Do you consider that analysis?

I now can't get the image of decorated Prefetch artifacts out of my head. Some goth. Some punk. Some preppy.
February 11, 2025 at 9:01 PM
Thanks! We were using categories too for a while, but I never knew what to call the things inside the categories. They weren’t artifacts in the traditional sense because we had merged Prefetch, etc. together. And people were frequently asking us where to find just Prefetch.
January 27, 2025 at 8:21 PM