Forensics in the CISA Incident Response Playbook

All event times are U.S. Eastern time
Mar 07 2024
1:00 pm - 2:00 pm

The Cybersecurity and Infrastructure Incident Response and Vulnerability playbook released by the Cybersecurity and Infrastructure Security Agency (CISA) in November 2021 lays out a detailed plan for how agencies should implement communication, technology, and policy for Incident response. Forensic collection, preservation, analysis, and reporting are important parts of this playbook.

This presentation will discuss the Incident Response playbook and detail how you can apply your forensic solutions to the playbook.

Key Takeaways:

  • Understand the basics of the Incident Response Playbook
  • Understand the importance of Forensic investigation within the playbook
  • Address mobile device analysis as it relates to incident response and forensics
  • Discuss key collection technologies and methods for effective incident response and forensics


Justin Tolman

Justin Tolman
Forensic Subject Matter Expert, Exterro

Justin Tolman has been working in digital forensics for 12 years. He has a bachelor’s degree in Computer Information Technology from BYU-Idaho and a master’s degree in Cyber Forensics from Purdue University. After graduating he worked as a Computer Forensic Specialist with the Ohio Bureau of Criminal Investigation. He joined AccessData in 2015 as a senior instructor where he trained digital forensic professionals worldwide in forensic tools, concepts, and workflows. He was later promoted to Director of Training over North America. Justin has written training manuals on computer and mobile device forensics, as well as (his personal favorite) SQLite database analysis. Justin currently works as the Forensic Subject Matter Expert and Evangelist at Exterro following the purchase of AccessData by Exterro. He is frequently presenting at conferences, on webinars, and hosts a podcast and produces YouTube content related to digital forensics and Forensic Toolkit.

  • CPE CREDITS: 1.0

In order to receive CPE credit, attendees must fulfill all of these requirements:

  • Attend the entire program
  • Respond to all poll questions
  • Complete and submit the post-event survey


Organizer Name


Registration for FISMA Training Closes Monday, September 11, 2023