Mastering DFIR: Digital Guardian for DFIR and Data Protection | Digital Guardian

The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

Mastering DFIR: Digital Guardian for DFIR and Data Protection

by Bill Bradley & Tim Bandos on Tuesday January 21, 2020

Contact Us
Free Demo

In this post, the second of two blogs, Bill Bradley breaks down DG Wingman and Digital Guardian's data protection capabilities.

Digital Guardian’s resident cybersecurity expert Tim Bandos recently helped present on our most recent webinar, “How a $0 DFIR Kit Can Take on Big Dollar Enterprise Tools.” If you haven’t had a chance to watch it yet and have interest in building out your Digital Forensics & Incident Response (DFIR) arsenal, it’s worth the time. Tim’s background as a cybersecurity practitioner gave him first hand experience with these tools and helped him when it came to developing DG Wingman, our free DFIR utility.

As part of the webinar, we had dozens and dozens of questions submitted to learn more about Wingman, DFIR tools, DFIR processes, open source software, and Digital Guardian capabilities. Because many of these questions fell into similar categories, we'll be addressing them in two blogs. The first, published last Thursday focused on DFIR tools and processes; today's post will focus on DG Wingman and Digital Guardian's data protection capabilities.

Part 2 - Digital Guardian for DFIR and Data Protection

Digital Guardian Wingman

Many of the questions we received were centered on what DG Wingman does to help Tim as an infosec analyst. Wingman’s primary purpose is its ability to forensically collect and acquire critical artifacts of interest such as the $MFT, Event Logs, Registry, etc. with ease. Additionally, you have the option to execute custom commands as SYSTEM or run a full scan of an endpoint collecting metadata from portable executable files such as hashes, certificates, strings, and more.

You can read more about it here.

The tool is free for you to use and can be downloaded here.

Once you have, I'd love to hear some stories about what you’ve found with it. You can contact me at

Digital Guardian Capabilities

The most common question here was: “What makes Digital Guardian unique among other DLP solutions?” This is understandable given the number of vendors that have historically sold DLP are being confused with a new crop of vendors that have seen the growth in the segment and taken DLP-like capabilities and called it DLP. What makes DG different among those in the field?

  • Broadest Endpoint DLP Operating System and Browser Coverage
  • Digital Guardian offers the broadest endpoint operating system and browser coverage, covering Windows, macOS, and Linux (multiple versions supported for SUSE, Red Hat, Ubuntu, Debian), VMware and Citrix virtual machines, content inspection and policy enforcement for Google Chrome 68. Digital Guardian maintains technical alliances with both Microsoft and Apple to be prepared for their new releases.
  • No Policy, No Problem
  • Only with Digital Guardian can you deploy Endpoint DLP even before you have policies in place to get a complete understanding of how sensitive data is being accessed and used within your organization. With this you can create polices based on your real-world needs.
  • Single Agent for DLP & EDR
  • Only DG addresses insider threats, advanced threats, and handles compliance with a single agent and a single platform. Only Digital Guardian’s solution is recognized as both a “Leader” in the latest (2017) Gartner Magic Quadrant for Enterprise Data Loss Prevention AND a “Leader” in the 2018 Forrester Wave for Endpoint Detection and Response
  • SaaS Delivery Model
  • Only Digital Guardian offers a Software as a Service (SaaS) solution fully hosted by DG. Our SaaS offering includes everything in the subscription – provisioning and support for all back-end infrastructure, application monitoring, backups, upgrades, etc. This cuts costs and eliminates the complexity of patching, updating and maintaining on premise server infrastructure.
  • Vendor-Delivered DLP as a Service
  • Only Digital Guardian delivers a fully vendor-managed DLP solution. This eliminates finger-pointing between the technology vendor and the managed service provider. Pair with our Managed Security Program for EDR to protect your most sensitive data from all threats.
  • Greater Context for Enhanced Data Protection
  • Only Digital Guardian delivers context into your data security alerts to allow for more informed DLP and EDR decisions. Alerts include the sensitivity of the documents accessed allowing better prioritization of alerts.

To learn how we deploy our DLP, please click here.

In Summary

  • DFIR tools are a critical component to your success during incident response.
  • There are hundreds, if not thousands of tools out there. Find the ones that works best for you and your workflow.
  • Identify any gaps or known issues with the tools you use to avoid false interpretations.
  • Spend as much time as you can with each utility you use. Often there are tons of features that may go unused that may provide critical insight into investigations.

Tags: Company News

Recommended Resources

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • The Five Stages of Threat Hunting
  • A Proactive Approach to Threat Hunting
  • Expert Tips

Bill Bradley

Bill Bradley is director of product marketing at Digital Guardian, bringing over 20 years of technology, marketing, and sales experience to the role. He spent the first portion of his career in field sales and brings this customer-centric mentality to his role in marketing for Digital Guardian. Prior to Digital Guardian Bill was at Rapid7 and the General Electric Corporation.