In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics and Incident Response (DFIR). Most DFIR talks and advice discuss what to do once an incident has occurred. Instead, this talk provides Security Architects, System Administrators, SOC teams, and management new techniques and advice to supercharge their IR capabilities by …

In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics and Incident Response (DFIR). In doing so, there are many things that System Administrator, Enterprise Defenders, and Security Operations Centers can do proactively to not only enhance the security of an organization, but also assist the DFIR personnel in performing …

Here is the record of Jessica Hyde’s talk from Circle City Con 2018:

Craig Rowland from Sandfly Security goes over simple tactics and techniques you can use to assess a Linux host for signs of compromise:

Come and learn the latest and greatest tricks for automating your incident response and forensics in the cloud. This session focuses on automating your cloud incident response processes covering external and insider threats, triggers, canaries, containment, and data loss prevention.

Sarah Edwards has published her presentation (PDF) and demo videos from BSides Baltimore. You will learn about how to acquire, mount and analyze APFS volumes, forensic tools which currently support this file system, and also its history and features.

In this video, Belkasoft discusses new features of Evidence Center version 9.0 such as new reporting, deduplication, PhotoDNA, NTFS compression, macOS system configuration analysis and other features added to the new major release.

In this video Aliaume Leroy from Bellingcat talks about open source investigation/verification tools and presents a number of real life examples of its usage:

The Windows registry is an essential source of evidence when performing a wide range of examinations. In a recent talk (ZeroNights, 2017), Maxim Suhanov described various problems with popular tools used to parse offline registry hives and to recover deleted data. You can find the slides here.

Smartphones are constantly changing and the course is forced to evolve. FOR585 has been updated and includes 7 new labs, new sections and bonus material for students interested in smartphones that aren’t common to all parts of the world, but really matter to some. A glimpse of the new sections in FOR585 will be provided in this webcast to include …