In a threat landscape characterized by targeted attacks, fileless malware, and other advanced hacking techniques, the days of relying solely on traditional “dead box” forensics for investigations are… well, dead. Live forensics, a practice considered a dangerous and dark art just a decade ago, has now become the de facto standard. However, many Computer Security Incident Response Teams still struggle with this type of threat hunting.
John Moran will discuss the benefits, pitfalls, and best practices of performing live box forensics as a threat hunting tool. He will introduce and demo a free, publicly available command-line tool for Windows that automates the execution of, and data acquisition from, other live forensics tools in a more secure and easier-to-maintain manner.