Signatures are dead, or so we’re told. It’s true that many items that are shared as Indicators of Compromise (file names/paths/sizes/hashes and network IPs/Domains) are no longer effective. These rigid indicators break at the first attempt at evasion. Creating resilient detections that stand up to attempted evasion by dedicated attackers and researchers is challenging but possible with the right tools, …

Most people know the Shadow Brokers leaked (supposedly) stolen NSA cyber tools, which lead to some of the most significant cyber security incidents of 2017. But in addition to targeting NSA, the Shadow Brokers have also targeted a few individuals in our community. Hear about the history of the Shadow Brokers and the implications of their actions for infosec and …

Test evidence lies at the heart of our field. We need to be able to test our tools to make sure that they parse data correctly. New hires and students need to have their knowledge tested and challenged in a controlled environment. How do you create realistic, believable, and effective scenarios to test forensic evidence? After spending several months putting …

Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However, when the system is compromised and requires careful forensic analysis, FDE can be quite painful to forensic analysts. Unless you deal with standard and widely supported encryption such as LUKS, Bitlocker, TrueCrypt or few others, it might really hard to …

In every case you work on, someone is asking you to get answers faster but without introducing more human error. Depending on the case, there are “go to” artifacts that help us to quickly answer basic questions. As the questions get more complicated so can the analysis. Oftentimes, the need arises to correlate multiple artifacts to get a more accurate …

In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics and Incident Response (DFIR). Most DFIR talks and advice discuss what to do once an incident has occurred. Instead, this talk provides Security Architects, System Administrators, SOC teams, and management new techniques and advice to supercharge their IR capabilities by …

In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics and Incident Response (DFIR). In doing so, there are many things that System Administrator, Enterprise Defenders, and Security Operations Centers can do proactively to not only enhance the security of an organization, but also assist the DFIR personnel in performing …

Here is the record of Jessica Hyde’s talk from Circle City Con 2018:

Craig Rowland from Sandfly Security goes over simple tactics and techniques you can use to assess a Linux host for signs of compromise:

Come and learn the latest and greatest tricks for automating your incident response and forensics in the cloud. This session focuses on automating your cloud incident response processes covering external and insider threats, triggers, canaries, containment, and data loss prevention.