Create methodology-overview.md

Author: ngvuthdanhh

extras/methodology-overview.md

@@ -0,0 +1,35 @@
+# DFIR Methodology Overview
+
+This file summarizes the digital forensics and incident response workflow.
+
+## Core Stages
+
+### 1. Preparation
+- Playbooks  
+- Evidence handling SOPs  
+- Logging configuration  
+
+### 2. Identification
+- Alert triage  
+- Scoping the incident  
+
+### 3. Containment
+- Isolate host  
+- Block indicators  
+- Preserve volatile state  
+
+### 4. Eradication
+- Remove malware  
+- Patch exploited vulnerabilities  
+
+### 5. Recovery
+- Restore from backups  
+- Re-enable services  
+
+### 6. Lessons Learned
+- Root cause analysis  
+- Documentation updates  
+- Detection improvement  
+
+## Notes
+This workflow aligns with NIST SP 800-61r2 and common IR frameworks.