security

DFIR

Digital Forensics and Incident Response

Definition

DFIR combines the investigative discipline of digital forensics with the operational practice of incident response. Forensics practitioners collect and preserve evidence from compromised systems in a forensically sound manner, while IR practitioners contain threats and restore operations.

The two disciplines are tightly coupled — response actions must preserve evidence integrity for potential legal proceedings.

Related Terms

Forensics

Digital Forensics

IOC

Indicator of Compromise

TTP

Tactics, Techniques, and Procedures

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product