LISIRT – LIFARS Computer Security Incident Response Team

LISIRT is based in the United States and in Europe and is focusing mostly on digital forensics, incident response, threat hunting, pentesting, auditing, and advisory services.

Firstly, the team’s constituency consists of organizations and companies that opted to elect LIFARS as its IR team through a retainer contract. Secondly, an organization will be a temporary constituent when it contracts LIFARS to respond to an incident, either as a sole responder or as part of a larger team.

LISIRT’s Mission Statement

LISIRT Becomes a Client’s Key Incident Response HELPR as we strive to:

Help prepare for cybersecurity incidents

Educate regarding current cybersecurity incidents, events, and threats

Liaise with law enforcement agencies where necessary, mandated, or required by law

Partner with public and private CERTs

Respond promptly to cybersecurity incidents by assisting with identification, containment, eradication, and recovery from the incident, using LIFARS’s professional services

Incident Response

• Alerts & Warnings
• Managed Detection and Response
• Containment, Eradication & Recovery
• Post-Incident Activity
• On-Site Incident Response
• Remote Incident Response
• Incident Response Coordination
• Digital Forensics & Malware Analysis
• Bitcoin Payments

Proactive Services

• Threat Hunting
• Penetration Testing
• Red Teaming
• Secure Code Review
• Phishing Simulations
• Security Audits
• Tabletop Exercises
• Cyber Resiliency Trainings

LISIRT is now a Listed member in the TF-CSIRT Trusted Introducer (TI) and will continue its journey towards Accreditation and ultimately the Certification. Meanwhile, we adopted the Security Incident Management Maturity Model (SIM3) to govern, document, perform and measure its functions and operations. For example, TF-CSIRT/Trusted Introducer uses this model for certification of CSIRT/CERT teams.

CSIRT is the abbreviation for ‘Computer Security incident response team’ and it is a dedicated or ad-hoc team in an organization with the main goal to respond to cybersecurity incidents. The terms CSIRT and CERT are usually used interchangeably but there may be slight differences in the scope of services they provide.

Historically, the term Computer Emergency Response Team (CERT) has been used first by the CERT Coordination Center (CERT-CC) at Carnegie Mellon University (CMU) in 1988 and it is now a registered trademark in many jurisdictions. The emergence of the term is tied with the outbreak of the infamous Morris Worm. Ultimately, this worm paralyzed approximately 10% of the Internet and which was the first felony in the US under the 1986 Computer Fraud and Abuse Act.

During the daily work as forensic analysts, malware analysts, incident responders, threat hunters, pentesters and consultants, LISIRT often encounters interesting things. More importantly, sometimes they are worth sharing with the world. Therefore, we gave birth to LIFARS TechDiary. In this place, we will publish observations, remarks and case studies resulting from LISIRT’s engagements. In short, follow us on Twitter!

• https://lifars.com/knowledge-center/923-words-on-ntuser-dat/
• https://lifars.com/2020/05/what-can-happen-when-you-click-on-phishing-link-containing-malicious-vbs-script/
• https://lifars.com/knowledge-center/the-spy-who-encrypted-me/
• https://lifars.com/knowledge-center/session-hijacking-case-study/
• https://lifars.com/knowledge-center/windows-shellbags-forensics-investigative-value-of-windows-shellbags/
• https://lifars.com/knowledge-center/osquery-for-cyber-incident-response/
• https://lifars.com/knowledge-center/malware-analysis-of-dridex-bitpaymer-and-doppelpaymer-campaign/