DEV Community


Posted on

TryHackMe IR Philosophy and Ethics Walkthrough

TryHackMe launched another eye-catching and food for thought type of room: IR Philosophy and Ethics.. It summarizes in a captivating and interactive way the process, ethics, duties and dilemmas in Digital Forensics and Incident Response (DFIR).
Different scenarios and case studies illustrate potential challenges faced by DFIR Teams.
With that being said, let's find out some of the answers!

Task 2- DFIR Recap

During containment, what must be done to compromised systems to prevent more damage?

isolate and quarantine

The answer can be found just right here:


An adversary's entry point to an organisation can be identified as?


And the answer can be taken from here...

What key action must be taken during recovery?


The source:

So far so good! πŸ’₯

Task 3- Ethics in DFIR

As a DFIR analyst, one must avoid any bias. What principle would you be embodying?


And I know this from here...


Creating a map of the data handling journey during evidence preservation is establishing a what?


I guess it's here! πŸ˜‰


What does providing regular updates to stakeholders ensure?


No words needed to say...


How are you feeling now? 🌞

Task 4- Duties to DFIR Teams

Which duty involves building and maintaining trust with stakeholders during a cyber breach investigation?


Is that so? 😸


To ensure transparency, DFIR teams have a duty to?



For the next question, the answer lies in this extremely interesting case study: Ethics for Incident Response and Security Teams - Case Studies which I really recommend you to read it, independently of the task!

Based on the duty to inform case study, what should be considered when deciding whether to investigate a breach? (Answer1 vs Answer2)

Here the answer can be tricky and I will not hide the fact that initially I really thought that the answer is in the form of noun vs noun, aspect fortified by the two-lettered second word! Fortunately, the answer was still easy to be retrieved:



Based on the duty to responsible collection case section, what should be set in advance to prevent excessive data collection?

In this question, we are thrown back in the walkthrough.



Last but not least...

Under which duty would teams ensure to operate within the bounds of the law and organisational policies?


The answer is authorized here:

duty of authorization

Task 5- Face the Dilemmas

I'm also facing a dilemma right now, since I think it would be more beneficial for you to actually go through this nice, useful game, than posting the answer!

It's really easy to discover the answers and I believe in you that you'll find the flag!

Before bye-bye

Thank you for your interest in this subject and in the article. If you want to find out more, I'll leave you here other 3 resources:

Let me know your thoughts! πŸ˜‰

Top comments (0)