FOR508: Advanced Computer Forensic Analysis and Incident Response

A session at SOS: October Singapore 2012

  • Jess Garcia

Updated Course / Content Notice: Brand New! Relaunched in 2012. The entire course materials, exercises, and challenges have been fully updated to give students experience in investigating real-world advanced attacks and APT-like scenarios in a Windows Enterprise Environment. Don't miss the NEW FOR508!
Overview
Over the past two years, we have seen a dramatic increase in sophisticated attacks against nearly every type of organization. Economic espionage in the form of cyber-attacks, also known as the Advanced Persistent Threat (APT), has proven difficult to suppress. Attackers from Eastern Europe and Russia continue to steal credit card and financial data, resulting in millions of dollars of losses. Hacktivist groups attacking government and Fortune 500 companies are becoming bolder and more frequent.

Sophisticated hackers can advance rapidly through your network using advances in spear phishing, web application attacks, and custom malware. Incident Responders and Digital Forensic Investigators must master a variety of operating systems, investigative techniques, incident response tactics, and even legal issues in order to combat challenging intrusion cases across the enterprise.

Attackers will use anti-forensic techniques to hide their tracks. They use rootkits, file wiping, timestamp adjustments, privacy cleaners, and complex malware to hide in plain sight and avoid detection by standard host-based security measures. Yet every action an adversary takes leaves a trace; you merely need to know where to look.

Our adversaries are good and getting better. Are we learning how to counter them? Yes we are. Learn how.

FOR508: Advanced Computer Forensic Analysis and Incident Response will give you the tools and techniques necessary to master advanced incident response, investigate data breach intrusions, find tech-savvy rogue employees, counter the Advanced Persistent Threat, and conduct complex digital forensic cases.

This course uses the popular SIFT Workstation to teach investigators how to investigate sophisticated crimes. SIFT contains hundreds of free and open source tools, easily matching any modern forensic tool suite. It demonstrates that advanced investigations and incident response can be accomplished using frequently updated, cutting-edge open source tools.

FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME.

About the speaker

Jess Garcia

When

Date: Mon 15th October 2012

Short URL

lanyrd.com/symtz

Official event site

www.sans.org/info/95834
