SANS DFIR Webcast - Incident Response Event Log Analysis

  • Published 16 Jun 2024
  • SANS Incident Response Training Course: www.sans.org/course/advanced-c...
    Windows event logs contain a bewildering variety of messages. But homing in on a few key events can quickly profile attacker activity.
    From administrator logins, to scheduled tasks, to entries related to system services, and more: the event logs are a one-stop shop.
    Learn to "crack the code" and enhance your investigations by adding event log analysis to your toolset.
    Speaker Bio
    Hal Pomeranz
    Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the US and Europe and global corporations.
    While equally at home in the Windows or Mac environment, Hal is recognized as an expert in the analysis of Linux and Unix systems. His research on EXT4 file system forensics provided a basis for the development of Open Source forensic support for this file system. His EXT3 file recovery tools are used by investigators worldwide.
    Hal is a SANS Faculty Fellow and Lethal Forensicator, and is the creator of the SANS Linux/Unix Security track (GCUX). He holds the GCFA and GREM certifications and teaches the related courses in the SANS Forensics curriculum. He is a respected author and speaker at industry gatherings worldwide. Hal is a regular contributor to the SANS Computer Forensics blog and co-author of the Command Line Kung Fu blog.
    For more incident response training courses at SANS:
    www.sans.org/course/advanced-i...
    www.sans.org/course/advanced-n...
  • Science & Technology

COMMENTS • 13

  • @lancemarchetti8673 · 1 year ago · +2

    With Velociraptor deployments on Debian clouds...DFIR tech has really stepped up the game in a huge way!

  • @esinyelk · 5 years ago · +2

    Very nice video to go through the basics. Thank you very much.

  • @joshuablanchette878 · 6 years ago · +4

    Excellent video, the speaker did a great job.

  • @ruthawele2102 · 4 years ago · +3

    Love this, very informative

  • @cyberofthinx · 2 years ago

    Perfect points to make me get it, many thanks!

  • @alfie0311 · 6 years ago · +2

    Well done, thanks

  • @ITinProduction · 2 years ago · +8

    Thank you so much for this video. This is so old but still gold; I always have confusion about reading any security log files to find the vulnerabilities and trojans or viruses. I wish you could make another video in a lot more detail.

  • @laptoplifestylegeez · 1 year ago

    Fantastic training, but I can't find the recommended log alert settings.

  • @am0x01 · 7 years ago

    Was this investigation conducted using the compromised machine, or did you use SIFT?

  • @joshthecapguy7832 · 4 years ago

    When systems become too complicated, that's when the most basic attack becomes effective, and vice versa.

  • @Eskimoz · 4 years ago

    On like :)

  • @kenjboyd6233 · 5 years ago · +3

    This video is a bit dated. But it wasn't long after this video was produced that Microsoft triggered the control algorithms that they had been working on for many years, and started changing computers to Windows 10 without permission from users. By this point, anyone who doesn't realize that Microsoft is patient zero, as it is called in this video, is either clueless or scared of Microsoft. No, they will never plant files called malicious-anything, but any file that starts with the name "trusted" is a dead giveaway as to being a major component in the first malware-driven operating system in history.

  • @Qantum802 · 1 year ago

    So how do you install Fallout2.exe on Windows 10 from just the files off the disk, because you have a copy but don't know where your USB disk drive is, let alone the disk, yet haven't tried finding either because, well. Log(s)🧗‍♂️ hahahahaha.
    I'm serious though, I'm sure you've got to have the answer I'm looking for.