FOR508: Advanced Digital Forensics and Incident Response

A session at SANS Security East 2017

  • Matt Bromiley
  • Chad Tilbury

THE ADVANCED PERSISTENT THREAT IS IN YOUR NETWORK - TIME TO GO HUNTING!

DAY 0: A 3-letter government agency contacts you to say critical information was stolen through a targeted attack on your organization. They won't tell you how they know, but they identify several breached systems within your enterprise. An Advanced Persistent Threat adversary, aka an APT, is likely involved - the most sophisticated threat you are likely to face in your efforts to defend your systems and data. Over 80% of all breach victims learn of a compromise from third-party notifications, not from internal security teams. In most cases, adversaries have been rummaging through your network undetected for months or even years.

Incident response tactics and procedures have evolved rapidly over the past several years. Data breaches and intrusions are growing more complex. Adversaries are no longer compromising one or two systems in your enterprise; they are compromising hundreds. Your team can no longer afford antiquated incident response techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident.

This in-depth incident response course provides responders with advanced skills to hunt down, counter, and recover from a wide range of threats within enterprise networks, including APT adversaries, organized crime syndicates, and hacktivism. Constantly updated, the incident response course (FOR508) addresses today's incidents by providing hands-on incident response tactics and techniques that elite responders are successfully using in real-world breach cases. A hands-on enterprise intrusion lab - developed from a real-world targeted APT attack on an enterprise network and based on how an APT group will target your network - leads you through the challenges and solutions via extensive use of the SANS SIFT Workstation collection of tools.
During the intrusion lab exercises, you will identify where the initial targeted attack occurred and lateral movement through multiple compromised systems. You will extract and create crucial cyber threat intelligence that can help you properly scope the compromise and detect future breaches. During a targeted attack, an organization needs the best incident response team in the field. FOR508: Advanced Digital Forensics and Incident Response will train you and your team to respond, detect, scope, and stop intrusions and data breaches. GATHER YOUR INCIDENT RESPONSE TEAM - IT'S TIME TO GO HUNTING.

About the speakers

Chad Tilbury

Computer forensics, incident response, and network security professional. Frequent speaker and SANS instructor.

Matt Bromiley

SANS Instructor

Date Mon 9th January 2017
