June 11, 2021

Investigation workflow

I got moved into IH about 2 months ago. I have a degree in information security, so doing investigations has been my goal.

I use no less than 10 tools to investigate phishing cases. I was granted access to around 30-40 tools/services or locations in general. The case management system we use is so clunky and vague. I find myself during the course of my investigation getting lost and confused. Nothing is automated or adaptive.

It takes me about 4-6+ hours to work a case. If I am interrupted, one of the various systems I’m using will lock me out. Or I’ll lose my train of thought. Or forget where I pasted something.

I tried maybe doing my investigation first, then building my case but then I got really confused.

I tried building a template for the various stuff I have to input.

The stuff we input in these cases is very trivial. I feel like I’m doing busy work.

I feel like an investigation is so slow. We don’t even isolate the threat first.

Is this it? This is what I’ve been studying and working my way up to?

Does anyone have any advice for me?
