Remote Forensic Investigations in the Context of COVID-19 | SANS@MIC Talk

Published on 2020-06-09 by SANS Institute
Video Link: https://www.youtube.com/watch?v=HBpswG8rKn4
Duration: 1:03:33


Many of us are confined at home due to the COVID-19 pandemic. But, business as usual, many organizations are still facing security incidents (related to the virus or not). Let's imagine the following scenario: your phone rings because a customer detected some suspicious activity on a server or a workstation. Of course, it must be investigated "as soon as possible". The server is physically located 500 km away and you're stuck at home... How do you handle this situation?

During this SANS@MIC webcast, I'll present and demonstrate a customizable live CD based on free tools to perform remote forensic investigations: check filesystems for indicators of compromise, take a memory image, extract logs, and much more...

Speaker Bio

Xavier Mertens is a freelance cybersecurity consultant based in Belgium. His daily job focuses on the "blue team" side to protect his customers' assets (incident handling, forensics, log management, SIEM, security visualization, OSINT), but he likes to work on the "red team" side from time to time. Xavier is also a SANS Internet Storm Center Senior Handler (https://isc.sans.edu), security blogger (https://blog.rootshell.be) and co-organizer of the BruCON security conference (http://www.brucon.org).



