Forgotten But Not Gone: Gathering NTFS Artifacts of Deletion - SANS Tactical Detection Summit 2018

Channel:

SANS Institute

Subscribers:

64,000

Published on February 5, 2019 2:02:28 PM ● Video Link: https://www.youtube.com/watch?v=3MdDNjtdC8k

Category:

Guide

Duration: 31:46

1,009 views

SIEM Summit 2019 Agenda: http://www.sans.org/u/UIC

Presenter: Mari DeGrazia (@MariDeGrazia) and Scott Hanson, Kroll

While endpoint threat monitoring tools are powerful, many lack ways to quickly and efficiently recover evidence of deleted information. This deleted information may include evidence of staging tools, exfiltration files and malware that attackers clean up as they go. How can you track an attacker through your environment if they are cleaning up after themselves? Learn how to pull back and leverage two files on the system, the MFT and the NTFS Index Attribute, to discover evidence of deleted files. Once an attacker’s favorite staging location is known, this technique can be scaled up and automated to sweep an environment to locate and analyze evidence of deleted files.

Other Videos By SANS Institute

2019-03-12	Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them
2019-03-04	The Hitchhiker’s Guide to Evidence Sources - SANS Webcast
2019-02-21	Purple Teaming Explained
2019-02-20	ICS Security Summit 2019: What to Expect
2019-02-16	Network Visualizations: Understand what's happening faster and easier than ever! - SANS Webcast
2019-02-11	Unconventional Logging and Detection - SANS Tactical Detection Summit 2018
2019-02-11	SANS Blue Team Summit & Training 2019
2019-02-10	The Changing Landscape of Offense - SANS Pen Test HackFest 2018
2019-02-07	Burning Down the Haystack - SANS Security Operations Summit 2018
2019-02-06	Measure Yo Bad Self - SANS Security Operations Summit 2108
2019-02-05	Forgotten But Not Gone: Gathering NTFS Artifacts of Deletion - SANS Tactical Detection Summit 2018
2019-02-04	Applied Data Science and Machine Learning for Cybersecurity - SANS Tactical Detection Summit 2018
2019-02-01	Defeating Attackers with Preventative Security – SANS Institute
2019-01-31	Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018
2019-01-31	Ship of Fools: Shoring Up Kubernetes Security - SANS Secure DevOps Summit 2018
2019-01-30	Lessons Learned from Illumina's SecDevOps Transition - SANS Secure DevOps Summit 2018
2019-01-30	Everything New is Old Again - SANS Secure DevOps Summit 2018
2019-01-30	The Top Ten Reasons It’s GREAT to Be a Pen Tester - SANS Pen Test HackFest Summit 2018
2019-01-30	A Year Of Gaining Superpowers - SANS Pen Test HackFest Summit 2018
2019-01-29	Hatfields and McCoys: The Dev/Sec Relationship - SANS Pen Test HackFest Summit 2018
2019-01-29	The Clouds Are Out to Get Me! - SANS Pen Test HackFest Summit 2018

Tags:

sans institute

information security

cyber security

cybersecurity

information security training

cybersecurity training

cyber security training

Channel	Latest
chuggaaconroy	6 hours ago
Geraldo G97	6 hours ago
lonniedos	6 hours ago
Karnian community Gaming	7 hours ago
this dad	7 hours ago
GrayStillPlays	7 hours ago
KidTrigger	7 hours ago
Tealgamemaster	7 hours ago
The Librarian	7 hours ago
Valorant DAILY	7 hours ago
Organic Satisfy	7 hours ago
André Roronora Zoro	7 hours ago
Dendi	7 hours ago
Sayro Digital	7 hours ago
SoaR	8 hours ago
LOLREC	8 hours ago
domisumReplay: Twisted Fate	8 hours ago
Sliggy VODS	8 hours ago
domisumReplay: Malphite	8 hours ago
Rodolfo FreeToPlayer	8 hours ago
komakala	8 hours ago
Docwel	8 hours ago
Mundo Variado	8 hours ago
LateBlt	8 hours ago
MinMumCS2	8 hours ago