Cyber Forensics for Lawyers: A Technical Primer on Hacking Techniques and Forensic Investigations

26 May 2021 12:00 p.m. - 01:00 p.m. EDT

In this session, MoFo breach counsel and Unit 42 incident responders will demystify the jargon behind hacking techniques and forensic investigations, and share what you need to know to make sense of the technical discussions on incident response calls. We'll cover common questions that come up, like:

  • What are the most common initial vectors of intrusion used by hackers to get into networks? What is "password spraying" and “credential stuffing”?
  • What does it mean to “harvest credentials,” and how do hackers move laterally and escalate privileges?
  • What are the most common log sources used in a forensic investigation and what is their significance?
  • What does “staging” mean? How do incident responders determine whether data has been exfiltrated vs accessed?
  • How do you investigate activity in the Cloud, and how is it different from on-premises investigations?
  • What is the difference between anti-virus software and Endpoint Detection and Response (EDR), and next-generation tools like Extended Detection and Response (XDR)?

If you were unable to attend our recent webinar, please find a link to the on-demand replay, which will remain active through August 24, 2022. We hope it will provide worthwhile and practical takeaways for your organization. For additional information on this and related topics, visit our Cybersecurity Resource Center

View recording.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.