Digital forensics is about answering questions and building timelines: who did what, and when. When something malicious takes place on a computer, there is evidence that can be collected and used to reconstruct exactly what happened. Depending on the type of events that need to be reconstructed, the required evidence may be difficult to retrieve. To make the lives of DFIR professionals easier, LimaCharlie has integrated the open-source endpoint visibility tool Velociraptor.
My name is Mike Behrmann. I am the Director of Digital Forensics and Incident Response at Antigen Security. We are a DFIR-led consulting firm that specializes in incident response, recovery engineering, managed detection & response (MDR) and training. My job there is to oversee the DFIR practice itself: the people, the processes, the tooling, the cases and the customers. I'm an incident commander one minute, diving in like an analyst the next and even doing some business development.