Digital Forensics and Incident Response (DFIR)
Digital Forensics and Incident Response (DFIR) is a specialized sub-field of cybersecurity traditionally associated with computer emergency response teams (CERTs) or computer security incident response teams (CSIRTs) that are called in to respond to a cybercrime or similar emergency.
DFIR relies on evidence found in filesystems, operating systems, information system hardware, and other evidentiary sources for the purpose of reconstructing a crime. While CERTs and CSIRTs still monopolize most incident response job functions, their advanced tools and techniques are increasingly being incorporated into everyday proactive security practices, such as remote forensic triage, in order to level the playing field with sophisticated cybercriminals.