Learn how to perform distributed, real-time Digital Forensics and Incident Response (DFIR) using Osquery and Elastic to investigate threats at scale without relying on disk imaging.

Rethinking forensics in modern environments

From disk imaging to distributed DFIR

Osquery as a forensic interface

From alert triaging to forensic reconstruction

Hunts: Operationalizing forensic and threat hunting investigations

Scaling the investigation

From investigation to response

Detection with Osquery: From telemetry to signal

Investigation scenario: From malicious alert to root cause

Transform forensics to investigate and respond at scale

Get started with Elastic Security

Frequently Asked Questions

DFIR: From alert to root cause using Osquery without leaving Elastic Security

Author

Raquel Tabuyo

Articles

DFIR: From alert to root cause using Osquery without leaving Elastic Security