Windows event logs contain a bewildering variety of messages. But homing in on a few key events can quickly profile attacker activity.
From administrator logins, to scheduled tasks, to entries related to system services, and more– the event logs are a one-stop shop.
Learn to “crack the code” and enhance your investigations by adding event log analysis to your toolset.
Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the US and Europe and global corporations.
While equally at home in the Windows or Mac environment, Hal is recognized as an expert in the analysis of Linux and Unix systems. His research on EXT4 file system forensics provided a basis for the development of Open Source forensic support for this file system. His EXT3 file recovery tools are used by investigators worldwide.
Hal is a SANS Faculty Fellow and Lethal Forensicator, and is the creator of the SANS Linux/Unix Security track (GCUX). He holds the GCFA and GREM certifications and teaches the related courses in the SANS Forensics curriculum. He is a respected author and speaker at industry gatherings worldwide. Hal is a regular contributor to the SANS Computer Forensics blog and co-author of the Command Line Kung Fu blog.
The webcast can be accessed at https://www.sans.org/webcasts/ir-event-log-analysis-99592 (registration required).