What do you think?
Rate this book
Blue Team Field Manual (BTFM)
Blue Team Field Manual (BTFM) is a Cyber Security Incident Response Guide that aligns with the NIST Cybersecurity Framework consisting of the five core functions of Identify, Protect, Detect, Respond, and Recover by providing the tactical steps to follow and commands to use when preparing for, working through and recovering from a Cyber Security Incident.
135 pages, Kindle Edition
Published December 1, 2017
507 people are currently reading
759 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 21 of 21 reviews
March 8, 2018
Good for what it's worth
Good start for first timers in DFIR, seasoned vets might also get a couple new tricks. Advanced techniques are missing, they couod have worked harder on that book. Have no idea why tools such as Redline are missing, rekall and volatility too...
Good start for first timers in DFIR, seasoned vets might also get a couple new tricks. Advanced techniques are missing, they couod have worked harder on that book. Have no idea why tools such as Redline are missing, rekall and volatility too...
October 8, 2018
Blue Team Field Manual, don't leave your network alone without giving this to your BOFH lazy lacky number 2 in command.
When you are being attacked, want to guard from an attack, or bed reminders of where that one log file you need for post mortem forensic mining is... The BTFM is the cheat sheet you want on your desk. I use it all the time.
Seriously though, Cybersecurity command line and GUI primary tools for Windows, Unix, Linux. All with explanations and basic to deep examples of use.
When you are being attacked, want to guard from an attack, or bed reminders of where that one log file you need for post mortem forensic mining is... The BTFM is the cheat sheet you want on your desk. I use it all the time.
Seriously though, Cybersecurity command line and GUI primary tools for Windows, Unix, Linux. All with explanations and basic to deep examples of use.
January 6, 2025
Pretty much entirely something to use as refrance material--in the way that you should definitely read up on the topics presented here in other materials that go much further indepth on the topic
A starting point for learning this stuff--and far from sufficient on its own
That being said--there is a large amount of material to further read and get a better understanding
If you want to be all edgy, you will need this as well as the Red Team counterpart
A starting point for learning this stuff--and far from sufficient on its own
That being said--there is a large amount of material to further read and get a better understanding
If you want to be all edgy, you will need this as well as the Red Team counterpart
Read
September 11, 2021Informative
At first I was unsure as to whether this was a red/blue team book, but after a few chapters many good insights and guides had been introduced that shifted my original thought pattern. Small/brief explanations followed by commands would best describe the context of this book. Will buy a tangible copy as well.
At first I was unsure as to whether this was a red/blue team book, but after a few chapters many good insights and guides had been introduced that shifted my original thought pattern. Small/brief explanations followed by commands would best describe the context of this book. Will buy a tangible copy as well.
March 4, 2020
Naturally I also have the Red Team Field Manual. I happen to think they're both crucial and I would hope any interested parties and/or teamers would familiarize themselves with both resources. Recommended!
December 26, 2022
awesome reference cheat sheet
It’s like having a bunch of cheat sheets on pen testing commands on multiple operating systems. It’s one of the items you keep in your backpack or work device for later reference.
It’s like having a bunch of cheat sheets on pen testing commands on multiple operating systems. It’s one of the items you keep in your backpack or work device for later reference.
July 17, 2025
ɪ ᴀꜱᴋᴇᴅ ᴛʜɪꜱ ᴛᴇᴀᴍ ᴛᴏ ᴜɴʟᴏᴄᴋ 2 ꜰɪʟᴇꜱ ᴀɴᴅ ᴛʜᴇʏ ᴅɪᴅ ɪᴛ ɪɴ 24 ʜᴏᴜʀꜱ. ᴛʜᴇ ᴏɴʟʏ ɪꜱꜱᴜᴇ ɪ ꜰᴀᴄᴇᴅ ᴡᴀꜱ ᴛʜᴀᴛ ᴛʜᴇʏ ᴅɪᴅ ɴᴏᴛ ᴀᴄᴄᴇᴘᴛ ᴄʜᴇᴄᴋ ᴘᴀʏᴍᴇɴᴛ. ʏᴏᴜ ᴄᴀɴ ꜱᴇɴᴅ ᴊʙᴇᴇ ꜱᴘʏ ᴛᴇᴀᴍ ᴀ ᴅᴍ ᴏɴ ᴇᴍᴀɪʟ ᴄᴏɴʟᴇʏᴊʙᴇᴇꜱᴘʏ606@ɢᴍᴀɪʟ.ᴄᴏᴍ
August 24, 2017
This book lives in my back pack, next to the RTFM.
November 23, 2017
A nice companion to the RTFM book. Great for those who remember concepts, but not syntax.
January 13, 2018
A great reference book for incident response and malware investigation. Got this for Christmas and it's staying close!
February 16, 2019
Great Manual with some great code!
February 24, 2019
It's a nifty reference guide for sure.
May 1, 2019
Definitiv kein Buch zum durchlesen, eher zum nachschlagen gedachte Kommando Sammlung ohne große Hintergrund Beschreibung.
June 4, 2019
Gives a nice overview of what you can start with as a blue team
November 28, 2020
This is a reference manual to help spur your thoughts, and remind yourself of useful commands and switches. Not a how-to guide.
August 11, 2023
Great and straight to the point. This is pretty much a cheat sheet for blue teamers, separated by different type of situations, also OS's are treated by separate, so it is a plus.
April 16, 2024
I forgot what the word manual meant, I just read 144 pages of commands. It is a good manual though
May 12, 2025
Reference manual for defenders. Preinstall utilities and programs for matches and practise frequently.
December 28, 2025
reference book
January 26, 2018
Straight a to the point
I love this command reference style book. Excellent reference for all levels of keeping your environment protected, logged, and playbook start framework for incident response. I hope to see more books like this covering other aspects of
I love this command reference style book. Excellent reference for all levels of keeping your environment protected, logged, and playbook start framework for incident response. I hope to see more books like this covering other aspects of
April 9, 2020
Unimpressed.
This is just a list of consolidated syntax that someone in an information security/analyst/cyber/aka... "Blue Team" may find useful.
I really didn't get much value out of this book.
If you're reading this review and you are trying to come to a decision point for purchase, if you have an "above average knowledge base" such as a few years experience, a degree, or more than one professional IT certification... I would not recommend this book. You would be better off using free and more accessible online resources, or... you already know the material.
This is just a list of consolidated syntax that someone in an information security/analyst/cyber/aka... "Blue Team" may find useful.
I really didn't get much value out of this book.
If you're reading this review and you are trying to come to a decision point for purchase, if you have an "above average knowledge base" such as a few years experience, a degree, or more than one professional IT certification... I would not recommend this book. You would be better off using free and more accessible online resources, or... you already know the material.
Displaying 1 - 21 of 21 reviews