I got moved into IH about 2 months ago. I have a degree in information security, so this has been my goal to be doing investigations.
I use no less than 10 tools to investigate phishing cases. I was granted access to around 30-40 tools/services or locations in general. The case management system we use is so clunky and vague. I find myself during the course of my investigation getting lost and confused. Nothing is automated or adaptive.
It takes me about 4-6+ hours to work a case. If I am interrupted, one of the various systems I’m using will lock me out. Or I’ll lose my train of thought. Or forget where I pasted something.
I tried maybe doing my investigation first, then building my case but then I got really confused.
I tried building a template for the various stuff I have to input.
The stuff we input in these cases is very trivial. I feel like I’m doing busy work.
I feel like an investigation is so slow. We don’t even isolate the threat first.
Is this it? This is what I’ve been studying and working my way up to?
Does anyone have any advice for me?