Super Timeline Analysis - SANS DFIR WebCast
by Rob Lee via SANS Digital Forensics

Rob Lee will expand on the lab material he presented at HTCIA International Conference and Training Expo 2011, delivering an exciting and valuable webcast both for those who attended the labs and for those who were unable to attend. HTCIA will kick off this exciting webcast with a recap of the HTCIA 2011 Conference and a preview of 2012.

Over the past year, investigators have started to use timeline analysis to help solve challenging cases. Learn how to create and analyze automatic file system and artifact timelines during incident response and criminal investigations.

Utilizing advances in spear phishing, web application attacks, and persistent malware, these new sophisticated attackers advance rapidly through your network. Forensic investigators must master a variety of operating systems, investigation techniques, and incident response tactics to solve challenging cases. Temporal data is located everywhere on a computer system. File system MAC times, log files, network data, registry data, internet history files, and file metadata all contain time data that can be correlated into critical analysis to successfully solve cases. While first utilized by my team in AFOSI in 2001, timeline analysis has become a critical investigative technique to solve complex cases. Until recently, no timeline analysis framework existed that easily brought multiple examinations of time-based data into a single framework that investigators can readily analyze. Learn via this hands-on practical webcast that will permanently change your approach to forensic cases.

Published 25 February 2015