APT Attacks Exposed: Network, Host, Memory, and Malware Analysis
by SANS Digital Forensics

For many years, professionals have been asking to see real APT data in a way that shows them how the adversaries compromise and maintain presence on our networks. Now you can experience it firsthand, using real data. The SANS Digital Forensics and Incident Response team will take you through an end-to-end investigation similar to briefs that are supplied to C-level executives who want to understand how their network was compromised and how these adversaries think, act, and move around their enterprise.

Starting with core steps in digital forensics, incident response, network forensics, memory analysis, and RE malware, instructors Rob Lee (FOR408 - Digital Forensics), Chad Tilbury (FOR508 - Incident Response), Alissa Torres (FOR526 - Windows Memory Forensics), Phil Hagen (FOR572 - Network Forensics), and Lenny Zeltser (FOR610 - RE Malware) will each spend 20 minutes walking through how key skills are used to solve a single intrusion. The tag team approach will detail how response teams can be leveraged in your environment to effectively respond to incidents in your enterprise.

This talk is perfect for those in the trenches or for those in management who really want to understand how a response team identifies and responds to these adversaries. What is it they are after? How did they get in? How did our systems fail to detect them? These questions and more will be answered in this one-of-a-kind keynote.

Published 19 February 2015