
Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents


DFIR Playbooks and Wiki

This repo holds playbooks for common IT security incidents and technical guidance for forensic analysis. It is heavily influenced by my job as an incident responder. Feel free to share and add content as you go.

This repo is published on the website vault53.de as an mdBook project. Every push and merge request to the master branch should trigger a redeployment.

Structure

.
└── content/
    ├── README.md
    ├── SUMMARY.md
    ├── ...
    ├── playbooks/
    │   ├── Ransomware/
    │   │   ├── ransomware-playbook.pdf
    │   │   └── ...
    │   └── Dos/
    │       ├── dos-playbook.pdf
    │       └── ...

License


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Development

In most cases you can write plain Markdown and it will build with GitHub Actions just fine. To build and preview the book on your local machine you need mdBook and the mdbook-admonish preprocessor.

Reference Setup:

cargo install mdbook
cargo install mdbook-admonish
mdbook serve --open
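As an added example (not a file from this repo), this is the book.toml that wires mdbook-admonish into an mdBook whose sources live under content/, matching the structure above; the title and author values are placeholders.

```toml
# book.toml (added example; values are assumptions, not the repo's own file)
[book]
title = "DFIR Playbooks and Wiki"       # placeholder title
authors = ["<maintainer>"]              # placeholder author
src = "content"                         # README.md and SUMMARY.md live here, not in src/

[build]
build-dir = "book"                      # default output directory used by `mdbook build`

# Registers the admonish preprocessor; without this section the
# ```admonish ... ``` fences in the playbooks render as plain code blocks.
[preprocessor.admonish]
command = "mdbook-admonish"

# `mdbook-admonish install .` generates mdbook-admonish.css next to book.toml
# and adds it here so the admonition boxes are styled in the HTML output.
[output.html]
additional-css = ["./mdbook-admonish.css"]
```

With this in place, a playbook page can use a fence such as ```admonish warning title="Containment first" ... ``` and `mdbook serve --open` will render it as a highlighted callout.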