SANS DFIR Webcast - APT Investigations -- How To The Forensic Side

Описание: Overview

APT (Advanced Persistent Threat) incidents, and their corresponding forensic investigations, constitute a big challenge from the technical point of view. It's not easy to deal with an investigation in which dozens or even hundreds of systems have been compromised, and where attackers may use sophisticated strategies to go unnoticed.

Dealing with that complexity often requires deep computer forensics knowledge (on top of a great dose of intuition and creativity), which must be combined and coordinated in a way which is not commonly found in the average Incident Responder: registry, filesystem, memory, timelines/supertimelines, shadow volumes, malware analysis, network forensics, mobile devices forensics, etc.

In this presentation, based on Jess Garcia's experience leading his IR Team at One eSecurity in massive APT investigations during the last few years, he will discuss which tools and techniques are used in a typical APT incident, and how Incident Responders can combine them to get the best results in the real world.

Speaker Bio

Jess Garcia

Jess Garcia, founder of One eSecurity, is a senior security engineer with over 15 years of experience in information security. During the last five years Jess has worked on highly sensitive projects in Europe, the United States, Latin America, and the Middle East with top global customers in the financial, insurance, corporate, media, health, communications, legal, and government sectors. His work has included incident response, computer forensics, malware analysis, security architecture design and review, and more. Previously, Jess worked for 10 years as a systems, network, and security engineer in the Spanish Space Agency, where he collaborated as a security advisor with the European Space Agency, NASA, and other international organizations. Jess is a frequent speaker at security events, having been invited to dozens of them around the world during the last few years. Jess has also contributed to several books, articles, SANS courseware, the GIAC program, etc. Jess is an active security researcher in areas such as incident response and computer forensics and honeynets. Jess holds a Masters of Science in telecommunications engineering from the Univ. Politecnica de Madrid.


For more incident response training courses at SANS: http://www.sans.org/course/advanced-i...