M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

SANS WhatWorks Summit in Forensics and Incident Response

Written by Jamie Butler

The SANS WhatWorks Summit is quickly approaching, and I am excited to attend for the first time this year. Peter Silberman and I will be presenting on memory forensics. There has been some recent public debate about the usefulness of memory forensics. You can read some of my thoughts on particular issues at DailyDave. While we will not have time in 40 minutes to dive into the finer points of this argument, I believe we have some pretty compelling use cases. You can be the judge. Of course, if you want to stick around after the talk, Peter and I will be happy to engage in the discourse.

I look forward to seeing everyone at the conference. Rob Lee has put together what I believe everyone will find is an informative show. Do not forget to catch Kris Harms’ talk and see if you can find evil or not.

Speakers: Jamie Butler and Peter Silberman
Date: Tuesday, July 7, 3:10pm – 3:50pm
Title: Memory Forensics and Analysis

The memory in today’s business desktops is now larger than the hard drives that were in systems just a few years ago. Traditionally, forensic analysis has meant taking an image of the hard drive and sifting through files. This is only half of the story and can no longer be considered sufficient. Attackers are writing less to disk and hiding more in the ample memory users now enjoy. Memory analysis – once a niche function performed by only the most advanced forensic investigators – is now mainstream and common in professional investigations. Tools have been written to make memory analysis as easy for the investigator as hard drive analysis, if not easier, and in a fraction of the time. In this talk, we will show you how to quickly identify suspicious things in memory without having to be a reverse engineer. This talk will feature research, use cases, and real-world examples.

Speaker: Kris Harms
Date: Tuesday, July 7, 9:30am – 10:30am
Title: Evil or Not? Rapid Confirmation of Compromised Hosts Via Live Incident Response

During this presentation, attendees will learn practical, tried-and-true methods to review live incident response information. You will obtain the skillful eye required to quickly confirm or rule out that a system is compromised. Recent case data from PCI credit card breaches as well as the Advanced Persistent Threat (APT) will be used as samples. Armed with this knowledge, you will excel as an initial responder to any incident.

01 Jun 09 | Conferences, General

