Throughout the Google Cybersecurity Professional course, we used the same template to record what we learned after each activity and to keep notes on a particular tool or concept. This journal became the place where the main observations about the cybersecurity tools and concepts covered in the course were kept.
Documentation matters in almost every part of cybersecurity, and an incident handler's journal is where pertinent information about a security incident is recorded as the incident unfolds. A security practitioner will typically add many entries over time and use the journal to recall critical concepts and tools quickly when they are needed.
Incident handler’s journal
Date: | Entry: #1 |
Description | Documenting a cybersecurity incident
This incident unfolded in two main stages: |
Tool(s) used | None. |
The 5 W's | |
Additional notes | |
Date: | Entry: #2 |
Description | Analyzing a packet capture file |
Tool(s) used | During this task, I employed Wireshark, a network protocol analyzer renowned for its intuitive graphical user interface. Wireshark matters in cybersecurity because it captures network traffic and decodes each packet protocol by protocol, so an analyst can filter a capture down to a host, port or conversation and investigate potentially malicious activity. |
The 5 W's | |
Additional notes | As someone with experience as an IT technician and web programmer, my interaction with Wireshark has been limited. However, diving into this exercise to analyze a packet capture file was a fresh and intriguing challenge for me. Initially, I found the interface to be quite daunting, but I quickly recognized its potential as a robust tool for gaining insight into network traffic dynamics. |
Date: | Entry: #3 |
Description | Packet capture |
Tool(s) used | During this task, I utilized tcpdump to capture and inspect network traffic.
tcpdump is a command-line network protocol analyzer. Like Wireshark, it lets security analysts capture, filter and inspect network traffic, which aids threat detection and analysis. Because it has no graphical interface it is the usual choice on servers and over SSH; capturing requires root or packet-capture privileges, and a capture saved with -w can later be opened in Wireshark. |
The 5 W's | |
Additional notes | Although I'm familiar with the command-line interface from my experience as an IT technician and web programmer, capturing and filtering network traffic presented a new challenge for me. I encountered some difficulties along the way, particularly due to using incorrect commands, which led to getting stuck a couple of times. However, by diligently following the instructions and retracing my steps when necessary, I successfully navigated through this activity and effectively captured network traffic. |
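Entries #2 and #3 both come down to what Wireshark and tcpdump do with a capture: decode each packet and filter by protocol, host or port. The following Python script is an added example, not part of the journal or of the course materials. It reads a classic pcap file, applies a small tcpdump-style filter and prints tcpdump-like summary lines. The four-packet capture it reads is constructed inside build_sample_pcap() with zeroed MAC addresses and checksums, and the addresses in it (10.0.0.5, 10.0.0.2, 93.184.216.34, 198.51.100.7) are sample values chosen for the example.

```python
"""Classic pcap reader with a tcpdump-style filter. Added example; the capture is constructed, not a real trace."""
import struct
from collections import namedtuple

PCAP_MAGIC = 0xA1B2C3D4                      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET, ETHERTYPE_IPV4 = 1, 0x0800
# tcpdump prints TCP flags in this order, e.g. [S], [S.], [P.], [F.]
TCP_FLAGS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."), (0x20, "U"), (0x40, "E"), (0x80, "W")]
# One parsed packet; sport/dport are None unless TCP/UDP, flags is "" unless TCP, length is captured bytes.
Packet = namedtuple("Packet", "ts src dst proto sport dport flags length")

def _parse_frame(ts, frame):
    """Ethernet -> IPv4 -> TCP/UDP headers; non-IPv4 frames are skipped."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    src, dst = (".".join(str(b) for b in frame[o:o + 4]) for o in (26, 30))
    l4, sport, dport, flags = frame[14 + ihl:], None, None, ""
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        flags = "".join(c for bit, c in TCP_FLAGS if l4[13] & bit)
    elif proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
    return Packet(ts, src, dst, {6: "tcp", 17: "udp"}.get(proto, str(proto)), sport, dport, flags, len(frame))

def read_pcap(data):
    """Walk the 24-byte global header and the 16-byte record header in front of each frame."""
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    *_, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:            # truncated file: stop instead of mis-parsing
            break
        pkt = _parse_frame(sec + usec / 1e6, frame)
        if pkt is not None:
            yield pkt

def _clause(p, clause):
    words = clause.split()
    if words in (["tcp"], ["udp"]):
        return p.proto == words[0]
    side = None
    if words and words[0] in ("src", "dst"):
        side, words = words[0], words[1:]
    if len(words) != 2 or words[0] not in ("host", "port"):
        raise ValueError(f"unsupported clause: {clause!r}")
    if words[0] == "host":
        return words[1] in {"src": [p.src], "dst": [p.dst], None: [p.src, p.dst]}[side]
    return int(words[1]) in {"src": [p.sport], "dst": [p.dport], None: [p.sport, p.dport]}[side]

def filter_packets(pkts, expr):
    """Subset of tcpdump/BPF syntax: tcp, udp, [src|dst] host A, [src|dst] port N, joined by 'and'."""
    clauses = [c.strip() for c in expr.split(" and ") if c.strip()]
    return [p for p in pkts if all(_clause(p, c) for c in clauses)]

def summarize(p):
    """One line in the style of tcpdump's default output."""
    ends = f"{p.src}.{p.sport} > {p.dst}.{p.dport}" if p.sport is not None else f"{p.src} > {p.dst}"
    flags = f" Flags [{p.flags}]" if p.proto == "tcp" else ""
    return f"{p.ts:.6f} IP {ends}: {p.proto}{flags} length {p.length}"

def _frame(src, dst, proto, l4):
    """Ethernet + IPv4 header around a transport segment (MACs and checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return bytes(12) + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4

def build_sample_pcap():
    """Constructed capture: a web handshake, a DNS query, then a SYN to port 4444 on an outside host."""
    tcp = lambda sp, dp, fl: struct.pack("!HHIIBBHHH", sp, dp, 0, 0, 5 << 4, fl, 65535, 0, 0)
    frames = [(1.00, _frame("10.0.0.5", "93.184.216.34", 6, tcp(51234, 80, 0x02))),      # SYN
              (1.05, _frame("93.184.216.34", "10.0.0.5", 6, tcp(80, 51234, 0x12))),      # SYN-ACK
              (1.10, _frame("10.0.0.5", "10.0.0.2", 17, struct.pack("!HHHH", 43210, 53, 8, 0))),
              (2.00, _frame("10.0.0.5", "198.51.100.7", 6, tcp(51235, 4444, 0x02)))]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        out += struct.pack("<IIII", int(ts), round((ts % 1) * 1e6), len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    packets = list(read_pcap(build_sample_pcap()))
    for line in map(summarize, filter_packets(packets, "tcp and dst port 4444")):
        print(line)
```

A file written with tcpdump -w is in exactly this classic format (pcapng, Wireshark's default save format, is deliberately rejected by the reader). The flag letters in the output match tcpdump's own: [S] for the client's SYN and [S.] for the server's SYN-ACK. The last filter isolates the outbound connection attempt to an unusual port on an outside host, which is the kind of packet an analyst would pull out of a larger capture for a closer look.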
Date: | Entry: #4 |
Description | Investigate a suspicious file hash |
Tool(s) used | In this task, I utilized VirusTotal, a service that runs submitted files and URLs through many antivirus engines and other scanners to uncover potentially malicious content such as viruses, worms and trojans. It is particularly useful for quickly checking whether an indicator, such as a file hash, domain or URL, has already been flagged as malicious by the security community; searching by hash does not upload anything, whereas uploading a file shares it with VirusTotal's other users. During this exercise, I employed VirusTotal to scrutinize a file hash that had been flagged as malicious.
This incident unfolded during the Detection and Analysis phase, wherein I assumed the role of a security analyst at a Security Operations Center (SOC) tasked with investigating a suspicious file hash. Following the detection of the suspicious file by our security systems, I conducted thorough analysis and investigation to ascertain the legitimacy of the alert and determine whether it posed a genuine threat. |
The 5 W's | |
Additional notes | What measures can we implement to prevent such incidents from occurring again? Is it worth exploring enhancements to our security awareness training to encourage employees to exercise caution when interacting with online content? |
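Entry #4 starts from an indicator that arrives as a hash. The following Python script is an added example, not part of the journal or of the course materials: it normalises a hash pasted from an alert, identifies whether it is an MD5, SHA-1 or SHA-256 (the three digests VirusTotal indexes files by), checks it against a local IOC list and builds the VirusTotal API v3 file-report URL without sending any request. The LOCAL_IOCS list and the SAMPLE_FILE bytes are constructed for the example; the one real value is the well-known SHA-256 of the EICAR antivirus test file.

```python
"""Triage a suspicious file hash before pivoting to VirusTotal. Added example; the sample and IOC list are constructed."""
import hashlib
import re

# VirusTotal indexes a file under its MD5, SHA-1 and SHA-256, and any of the three works as the file id.
HASH_TYPE_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}
VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{file_id}"   # GET, authenticated with an x-apikey header

# Constructed local IOC list, the kind a SOC keeps from earlier cases.
# The first entry is the well-known SHA-256 of the EICAR antivirus test file.
LOCAL_IOCS = {
    "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f": "EICAR test file",
}
# Constructed stand-in for the flagged file: an MZ header plus padding, not real malware.
SAMPLE_FILE = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode."


def file_digests(data: bytes) -> dict:
    """All three digests VirusTotal accepts, so an alert can be matched whichever type it quotes."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


# Record the sample under every digest type: an alert may quote MD5 while the IOC list holds SHA-256.
for _digest in file_digests(SAMPLE_FILE).values():
    LOCAL_IOCS[_digest] = "flagged sample from this exercise"


def normalize_hash(raw: str):
    """Clean a hash pasted from an alert or ticket: surrounding whitespace or quotes, a 'SHA256:'-style
    prefix and upper-case hex are all common. Returns None unless the result is a valid MD5/SHA-1/SHA-256."""
    value = raw.strip().strip("\"'").lower()
    value = re.sub(r"^(md5|sha-?1|sha-?256)\s*[:=]\s*", "", value)
    if len(value) not in HASH_TYPE_BY_LENGTH or not re.fullmatch(r"[0-9a-f]+", value):
        return None
    return value


def hash_type(value: str) -> str:
    """Hash type inferred from the digest length of an already normalised hex string."""
    return HASH_TYPE_BY_LENGTH[len(value)]


def triage(raw_hash: str, iocs: dict = LOCAL_IOCS) -> dict:
    """Validate the indicator, check it against local IOCs and prepare the VirusTotal lookup.
    Looking up a hash never uploads the file; uploading a sample shares it with other VT users."""
    value = normalize_hash(raw_hash)
    if value is None:
        return {"valid": False, "reason": "not an MD5, SHA-1 or SHA-256 hex digest"}
    return {
        "valid": True,
        "type": hash_type(value),
        "hash": value,
        "local_match": iocs.get(value),                   # None when the hash is new to us
        "vt_url": VT_FILE_REPORT.format(file_id=value),
    }


if __name__ == "__main__":
    sample_sha256 = file_digests(SAMPLE_FILE)["sha256"]
    for raw in ("  SHA256: " + sample_sha256.upper(), "44d88612fea8a8f36de82e1278abb02f", "not-a-hash"):
        print(triage(raw))
```

The normalisation step is the part that saves time in practice: hashes copied out of tickets routinely carry a type prefix, quotes or upper-case hex, and a lookup against a case-sensitive IOC store silently misses them. The vt_url is only prepared here; performing the GET requires an API key and, for a hash search, does not expose the file itself.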
Reflections / Notes | |