Digital Forensics and Incident Response (DFIR) | Rapid7
<!DOCTYPE html> <html class="no-js" lang="en" dir="ltr"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" charset="utf-8" /> <meta http-equiv="x-ua-compatible" content="ie=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <link rel="preload" href="//opt.rapid7.com/edge-client/v1/13222550/21485331595" referrerpolicy="no-referrer-when-downgrade" as="script"> <link rel="preconnect" href="//logx.optimizely.com"> <title>Digital Forensics and Incident Response (DFIR) | Rapid7</title> <meta property="og:url" content="https://www.rapid7.com/fundamentals/digital-forensics-and-incident-response-dfir/" /> <link rel="canonical" href="https://www.rapid7.com/fundamentals/digital-forensics-and-incident-response-dfir/" /> <link rel="alternate" href="https://www.rapid7.com/de/cybersecurity-grundlagen/digital-forensics-and-incident-response-dfir/" hreflang="de" /> <link rel="alternate" href="https://www.rapid7.com/fundamentals/digital-forensics-and-incident-response-dfir/" hreflang="en" /> <link rel="alternate" href="https://www.rapid7.com/ja/fundamentals/digital-forensics-and-incident-response-dfir/" hreflang="ja" /> <meta name="robots" content="index, follow" /> <meta name="title" content="Digital Forensics and Incident Response (DFIR) | Rapid7" /> <meta name="description" content="Unlock the secrets of DFIR to safeguard your organization from cyber threats. Dive into digital forensics and effective incident response strategies." 
/> <meta property="og:title" content="Digital Forensics and Incident Response (DFIR) | Rapid7" /> <meta property="og:image" content="https://www.rapid7.com/globalassets/rapid7-og.jpg" /> <meta name="twitter:image" content="https://www.rapid7.com/globalassets/rapid7-og.jpg" /> <meta name="twitter:title" content="Digital Forensics and Incident Response (DFIR) | Rapid7"> <meta name="twitter:card" content="summary_large_image"> <meta property="og:site_name" content="Rapid7" /> <meta property="og:description" content="Unlock the secrets of DFIR to safeguard your organization from cyber threats. Dive into digital forensics and effective incident response strategies." /> <link rel="stylesheet" href="/includes/css/all.min.css?cb=1738175921178"> <link rel="stylesheet" href="/includes/css/bundles/shared/cards.min.css?cb=1738175921178" /> <link rel="stylesheet" href="/includes/css/bundles/pages/page.fundamentals-detail.min.css?cb=1738175921178" /> <link rel="stylesheet" href="/includes/css/bundles/partials/sidebar-menu.min.css?cb=1738175921178" /> <link rel="stylesheet" href="/includes/css/bundles/blocks/block.multi-feature-card-block.min.css?cb=1738175921178" /> <meta name="facetcat" content="r7" /> <script> var gIp = {"countryIsoCode":null,"subdivisionIsoCode":null,"continentIsoCode":null}; window.dataLayer = window.dataLayer || []; window.dataLayer.push({ 'conversionType': 'secondary', }); window.dataLayer.push({ 'auth': false }); window.dataLayer.push({ 'ip': '' }); window.dataLayer.push({ 'isTrialUser': false, 'isCustomer': false }); </script> <script src="https://opt.rapid7.com/edge-client/v1/13222550/21485331595" referrerpolicy="no-referrer-when-downgrade"></script> <script> (function (w, d, s, l, i) { w[l] = w[l] || []; w[l].push({ 'gtm.start': new Date().getTime(), event: 'gtm.js' }); var f = d.getElementsByTagName(s)[0], j = d.createElement(s), dl = l != 'dataLayer' ? 
'&l=' + l : ''; j.async = true; j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-WBTPTVC');</script> <link rel="icon" type="image/x-icon" href="/includes/img/favicon.ico"> <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Mulish:wght@800;900&family=Roboto:wght@300;400;700"> <link rel="preload" href="/includes/fonts/FFGoodProCompressedBlack/FFGoodProCompressedBlack.woff2" as="font" type="font/woff2" crossorigin="anonymous" /> <link rel="preload" href="/includes/fonts/FFGoodProCompressedBlack/FFGoodProCompressedBlack.woff" as="font" type="font/woff" crossorigin="anonymous" /> <script src="https://code.jquery.com/jquery-3.6.4.min.js" integrity="sha256-oP6HI9z1XaZNBrJURtCoUT5SUnxFr8s3BzRl+cbzUq8=" crossorigin="anonymous"></script> <script src="/includes/js/populateCountryState.js"></script> </head> <body id="fundamentals-detail" class="pg-id-47779 cerberus bg-diffdots-and-spiral-pattern" data-page="47779"> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WBTPTVC" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <div id="__"></div> <div class="off-canvas-wrapper"> <div class="off-canvas-wrapper-inner" data-off-canvas-wrapper> <div class="off-canvas-content" data-off-canvas-content> <div id="menuOverlay" class="reveal-overlay"></div> <section class="longHero"> <div class="fundamentals-hero"> <div class="grid-container"> <div class="grid-x grid-padding-x grid-padding-y align-middle"> <div class="fundamentals-hero__content text-left small-12 medium-10 medium-offset-1 large-5 cell"> <div> <h1 
style="background-image:url(https://www.rapid7.com/globalassets/_icons/fundamentals/hub-endpoint-solid.svg)">Digital Forensics and Incident Response (DFIR)</h1> <p>Learn more about the process of in-depth breach investigation.</p> <a href="/products/command/attack-surface-management-asm/" class="button btn-primary mdBtn"> Explore Surface Command </a> </div> </div> <div class="text-left small-12 medium-10 medium-offset-1 large-5 large-offset-0 cell"> <div class="fundamentals-hero__overview"> <p class="small header">Topic Overview</p> <ul> <li> <a class="font-size-p-small" href="#whatisdigitalforensicsandincidentresponsedfirnbsp">What is Digital Forensics and Incident Response (DFIR)? </a> </li> <li> <a class="font-size-p-small" href="#theroleofdfirincybersecurity">The Role of DFIR in Cybersecurity</a> </li> <li> <a class="font-size-p-small" href="#howisdigitalforensicsusedinincidentresponsenbsp">How is Digital Forensics Used in Incident Response? </a> </li> <li> <a class="font-size-p-small" href="#whyisdfiracriticaltoolinacybersecurityprogramnbsp">Why is DFIR a Critical Tool in a Cybersecurity Program? 
</a> </li> </ul> </div> </div> </div> <div class="grid-x grid-padding-x"> <div class="text-left small-12 medium-10 medium-offset-1 cell fundamentals-hero__divider"><hr /></div> </div> </div> </div> </section> <div class="pageContent"> <div class="grid-container"> <div class="fundamentals-content grid-x grid-padding-x grid-padding-y"> <div class="text-left small-12 medium-10 medium-offset-1 large-3 cell"> <aside class="sidebar-menu"> <span class="sidebar-menu__toc--toggle r7-expansion-toggle collapse">Related Topics</span> <div class="sidebar-menu__toc--content r7-expansion-content collapse"> <span class="heading">Endpoint Security</span> <ul> <li> <a href="/fundamentals/endpoint-security/">Endpoint Security</a> </li> <li> <a href="/fundamentals/what-is-next-gen-antivirus-ngav/">Next Generation Antivirus (NGAV)</a> </li> <li> <a href="/fundamentals/digital-forensics-and-incident-response-dfir/">Digital Forensics and Incident Response (DFIR)</a> </li> <li> <a href="/fundamentals/what-is-threat-hunting/">Threat Hunting</a> </li> <li> <a href="/fundamentals/intrusion-detection-and-prevention-systems-idps/">Intrusion Detection and Prevention Systems (IDPS)</a> </li> <li> <a href="/fundamentals/what-is-internet-of-things-iot-security/">Internet of Things (IoT) Security</a> </li> </ul> </div> </aside> <div class="fundamentals-content__sidebar show-for-large"> <hr /> <div id="sideDarkCtaBlock" class="ctaBlock primary bgBlueGreenLinearGradient"> <div class="ctaBlock__title"> <h5> The Ransomware Radar Report </h5> </div> <div class="ctaBlock__content"> <p class="small">Rapid7 Labs' 2024 research uncovers the latest trends in attacker behavior.</p> <a class="btn-primary button smBtn" href="/research/report/ransomware-radar-report/" id="darkSideCtaPrimaryBtn"> Read Now </a> </div> </div> </div> </div> <div class="text-left small-12 medium-offset-1 medium-10 large-offset-0 large-7 cell"> <div class="fundamentals-content__intro"> <h2 
id="whatisdigitalforensicsandincidentresponsedfirnbsp">What is Digital Forensics and Incident Response (DFIR)? </h2> <p>DFIR is the process of collecting digital forensic evidence, hunting for suspicious activities, and continuously monitoring for endpoint events. Going a bit more in-depth, security expert Scott J. Roberts <a href="https://sroberts.medium.com/introduction-to-dfir-d35d5de4c180">defines DFIR</a> as "a multidisciplinary profession that focuses on identifying, investigating, and remediating computer-network exploitation."</p> <p>From a process standpoint, an incident response and investigation plan that leverages comprehensive forensics will include responsibilities such as investigation, analysis management, threat detection, communications, and documentation of findings.</p> <p>Subsequent remediation and cleanup typically include removing attacker remote-access capabilities, restoring prioritized business processes and systems, and securing compromised user accounts.</p> <p>Contained in the minutiae of those processes are the following key components of a DFIR framework:</p> <ul> <li><strong>Multi-system forensics</strong>: One of the hallmarks of DFIR is the ability to monitor and query all critical systems and asset types for indications of foul play. </li> <li><strong>Attack intelligence</strong>: Spotting suspicious network activity means knowing what to look for. This means developing the ability to think like an attacker, not only to remediate vulnerabilities in your own systems, but also to spot signs of exploitation. 
</li> <li><strong>Endpoint visibility</strong>: Security teams need visibility into corporate networks and the seemingly endless complex system of <a href="/fundamentals/endpoint-security/">endpoints</a> — then they need a way to clearly organize and interpret data gathered from them.</li> </ul> </div> <div class="fundamentals-content__contentRegion1"> <h2 id="theroleofdfirincybersecurity">The Role of DFIR in Cybersecurity</h2> <p>Within the larger framework of cybersecurity practices, DFIR serves to obtain a finely detailed look at how a breach occurred and the specific steps it will take to remediate that particular incident. Let’s dive deeper into the separate functions that make up a holistic DFIR practice.</p> <h3>Incident Detection and Response </h3> <p>Detecting compromised users affected by a breach is the first step to gaining visibility into what occurred and crafting a timely response to ensure attackers are purged from the network, the breach contained and fixed, and any remaining <a href="/fundamentals/vulnerabilities-exploits-threats/">exploitable vulnerabilities</a> remediated. From there, a thoughtful investigation can take place, one that can identify evolving attacker behavior and more accurately spot it in the future.</p> <h3>Forensic Investigation</h3> <p>An investigation into a specific breach is never going to look like the investigation that came before it. It’s imperative to customize a situational approach to a threat, whether that threat is impending or has already taken place. When launching an investigation, a security team might perform data analysis on the affected asset(s), acquiring browser-history artifacts, event logs, files from directories, and registry hives. Whatever is collected should be acquired in a way that preserves its integrity — for example, by recording hashes of the artifacts and who handled them — so the findings hold up under later review.</p> <h3>Threat Intelligence and Analysis</h3> <p>The most critical step in gathering <a href="/fundamentals/what-is-threat-intelligence/">threat intelligence</a> is ensuring the data are tailored to each and every function in a security organization. 
Once put into practice, the <a href="/blog/post/2021/10/15/4-simple-steps-for-an-effective-threat-intelligence-program/">intelligence cycle</a> will produce results by collecting and analyzing data, then disseminating the findings to relevant stakeholders in the organization. This process presupposes a heavy emphasis on automated analysis that can quickly search through data and surface relevant insights.</p> <h3>Malware Analysis and Reverse Engineering</h3> <p>In the analysis of potential <a href="/fundamentals/malware-attacks/">malware</a> on a network, a security team would submit a suspicious sample, run it through a chain of analyzers, and then classify the threat based on risk score. Samples should be handled only in an isolated analysis environment so that the analysis itself cannot spread the infection. Classification can help to prioritize the situation. Is it something that needs immediate attention or can it wait? In this analysis period, reverse engineering malware can help teams find the best way to understand its ultimate target and quickly eradicate it.</p> <h3>Incident Containment and Recovery</h3> <p>Once a breach has been fully scoped and the affected assets, applications, and users have been contained, a <a href="/fundamentals/security-operations-center/">security operations center (SOC)</a> will launch a predetermined plan to restore normal business operating processes. Documentation is key to disaster planning so teams can understand the various components of the backup system. Maintaining an automated, offline backup can further help the process of recovering from a malware attack.</p> <h2 id="howisdigitalforensicsusedinincidentresponsenbsp">How is Digital Forensics Used in Incident Response? </h2> <p>Digital forensics is used in <a href="/fundamentals/incident-response/">incident response</a> by becoming embedded in the process. 
As every security professional knows, it’s not enough to respond to incidents and fix the issue; you have to know exactly what happened and how it happened so that systems can be calibrated for that attack path and surface customized alerts the next time that behavior is spotted.</p> <p>If someone were to ask, “what are digital forensics?”, we would more pointedly want to have a discussion on multi-system forensics (briefly mentioned above). That is, the ability to monitor and query critical systems and asset types all along a network for indications of suspicious behavior. Let’s take a more granular look into what that process entails:</p> <ul> <li><strong>Collect</strong>: Perform targeted collections of digital forensic evidence across endpoints.</li> <li><strong>Monitor</strong>: Continuously monitor for endpoint events like logs, file modifications, and process execution. </li> <li><strong>Hunt</strong>: Find and access a reliable library of forensic artifacts and search for suspected malware-related activities on your network, customizing to specific threat-hunting needs as you go.</li> </ul> <p>Digital forensics should enable threat responders and hunters to collect, query, and monitor almost any aspect of an endpoint, groups of endpoints, or an entire network. The practice can also be used to create continuous monitoring rules on an endpoint as well as automate server tasks. Specific use cases can include:</p> <ul> <li><strong>Client monitoring and alerts (detection)</strong>: DFIR tools can collect event queries focused on detection, allowing practitioners to autonomously monitor an endpoint and send back prioritized alerts when certain conditions are met.</li> <li><strong>Proactively hunting for indicators (threat intelligence)</strong>: This involves collecting artifacts at scale from many systems and combining them with threat-intelligence information – such as hashes – to proactively hunt for compromises by known bad actors. 
</li> <li><strong>Ongoing forwarding of events to another system</strong>: Monitoring queries can be used to simply forward events.</li> <li><strong>Collecting bulk files for analysis on another system (digital forensics)</strong>: The DFIR tool will collect bulk files from an endpoint for later analysis by other tools.</li> <li><strong>Parsing for indicators on the endpoint (digital forensics)</strong>: Artifacts are used to directly parse files on an endpoint, quickly returning actionable, high-value information without the need for lengthy post processing.</li> <li><strong>Proactive hunting for indicators across many systems (incident response)</strong>: The DFIR tool can simultaneously hunt for artifacts from many endpoints.</li> </ul> <h2 id="whyisdfiracriticaltoolinacybersecurityprogramnbsp">Why is DFIR a Critical Tool in a Cybersecurity Program? </h2> <p>DFIR is a critical tool in a cybersecurity program because it helps to more accurately and granularly reveal the methodology and path that an attacker is looking to take or has already taken to breach a network.</p> <p>It’s in the best interest of a business and its security program to go beyond response and calibrate preventive measures to recognize the same or similar behavior in the future.</p> <h3>What are the Benefits of DFIR? </h3> <p>The benefits of DFIR are impossible to overstate, as the goal of breach investigation is visibility so that security teams can gain insights from what happened and create a stronger program.</p> <ul> <li><strong>Faster recovery</strong>: Surfacing more relevant alerts – based on either past incidents or library artifacts – means that DFIR practitioners can work faster to respond to and recover from an incident. </li> <li><strong>Stronger security posture</strong>: In more accurately being able to respond to threats and investigate them, an organization’s overall health and security posture begins to improve. 
An external <a href="/products/velociraptor/">DFIR services</a> program can also help to further add value by conducting more in-depth investigations, giving time back to internal practitioners to focus on other goals and priorities. </li> <li><strong>Data-sharing capabilities</strong>: A modern DFIR solution will include accurate reporting of every action taken in the response to a threat or incident. This means those reports and critical insights can easily be shared with any and all interested stakeholders. </li> <li><strong>Little-to-no guesswork</strong>: How did they get in? Who exactly is the perpetrator? What are their motives? Thorough DFIR capabilities should be able to provide clear answers to these questions, leaving little doubt as to what has happened and what should happen next.</li> </ul> <h3>Read More About DFIR</h3> <p><a href="/blog/tag/dfir/">DFIR: Latest Rapid7 Blog Posts</a></p> </div> </div> </div> </div> <section class="multi-feature-card-block__carousel graybg" data-block-name="Multi-Feature Card Block"> <div class="grid-container"> <div class="grid-x grid-padding-x grid-padding-y text-center"> <div class="small-12 medium-10 medium-offset-1 cell"> <h2>Related Topics</h2> </div> </div> <div class="grid-x grid-padding-x"> <div class="small-12 medium-10 medium-offset-1 cell"> <div class="multi-feature-card-block__carousel-slider"> <a href="/fundamentals/endpoint-security/" class="card__standard w-icon " data-card-height="" style="background-image: url('https://www.rapid7.com/globalassets/_icons/fundamentals/hub-endpoint-solid.svg');"> <div class="inner-content"> <div class="inner-content__txt"> <h4>Endpoint Security</h4> <span class="card-separator"></span> <div class="subtext">Endpoint Security</div> </div> <span class="btn-tertiary button smBtn">Read Topic</span> </div> </a> <a href="/fundamentals/what-is-threat-hunting/" class="card__standard w-icon " data-card-height="" style="background-image: 