There is no such thing as a "secure" system - we do our level best to design them as well as we can, to put controls and measures in place - but, at the end of the day, things can and do go awry. Today we are going to talk about Forensics, and how it is the opposite side of the coin from security. What can we do in advance to aid in forensic investigation? What do we do at the point of a compromise to allow us to preserve as much evidence as is possible? And, ultimately, how to we take a forensic analysis and learn from it to create a better system the next time?Read more >
When a breach happens, chaos ensues. However, for proactive organizations, a digital forensics capability can bring order to chaos and contribute to minimizing overall business impact. Digital forensics plays an integral role in any effective response to a security incident and in its aftermath.
Digital forensics investigations can help you:
•Assess which assets were compromised
•Determine what unauthorized activities were carried out
•Establish an appropriate mitigation strategy
•Assess impact to the organization for a variety of stakeholders
•Learn from previous incidents to adjust security strategy using your own threat intelligence
In this webcast, Randy Stone of the Dell SecureWorks’ Incident Response and Digital Forensics practice will share examples of how digital forensics techniques were used to understand threat actors, attack methods, and impact to organizations. Randy will highlight key operational and technical capabilities required to build and sustain a digital forensics function. He will share common mistakes made by response teams that inhibit the ability to investigate and determine the facts around an incident. Lastly, he will share tips and guidance for how organizations can assess the maturity of their digital forensics capabilities.
In this webcast, you will:
•Hear examples of previous incidents and how digital forensics techniques were used to assess impact and respond accordingly
•Find out common pitfalls that prevent an effective forensic investigation of an incident
•Learn strategies for assessing the digital forensics capabilities of your organization’s incident management function
The Digital Forensic Certification Board exists to promote professionalism, trust and confidence in the digital forensics profession by providing professional certifications.
Digital Forensic Certified Practitioner (DFCP) Based on Experience
Digital Forensic Certified Associate (DFCA) Based on Experience
Digital Forensics and the PI Laws: What is happening, and what you can do to help!Read more >
The current institutional structure of police forensics gives each lab a monopoly in the analysis of the police evidence it receives.
Forensic scientists have inadequate incentives to produce reliable analyses of police evidence. We should have "competitive self regulation" for police forensics. Each jurisdiction would have several competing forensic labs. Sometimes, evidence would be divided and sent to three separate labs. Chance would determine which labs would receive evidence to analyze. Competitive self regulation improves forensics by creating incentives for error prevention, detection and correction. Surprisingly, it would also reduce the costs of running the criminal justice system.
The organization of forensic science creates inappropriate biases that will sometimes skew results from the truth. These biases exist even when forensic scientists are perfectly rational and untouched by the sort of psychological infirmities some researchers have emphasized.
Because perfectly rational actors are Bayesian updaters, we may use the term "Bayesian bias" to identify this organizational problem in forensics.
Incident response is changing. IR professionals and security teams consistently need tools that provide a deeper level of intelligence around threats impacting their environments. The capability to drill down into information on incidents upon alerts from other tools is critical when investigating root cause and ultimately impact.
CounterTack is dedicated to helping incident response and forensics teams leverage behavioral intelligence to track attacks and determine exactly how to work that knowledge into the response workflow. Leveraging behavioral traits and predictive analytics through its products, CounterTack understands the demands IR teams face for improving response time and accuracy.
This webinar will feature an interactive demonstration of exactly how an IR professional would leverage CounterTack’s industry-leading Responder PRO tool to reverse engineer key risk indicators. This demo will detail real-world uses of not just features in the solution, but show you how to investigate common and uncommon types of threats through a forensic lens.
Attendees of this session will receive a limited-time only incentive to buy Responder PRO.
As smartphones become more secure, what has changed for us forensically? What are the different types of security measures being deployed and how do these affect our processes? Which acquisition methods are best for secured devices? If you get an image of the device, can your current forensic methods provide you access for analysis? And most of all, will these security mechanisms keep your private data safe?
This presentation will go into detail on each of these topics and dive into ways around some of these security features on smartphones. White papers, tools (including open source) and methods written and developed by those in our community will be discussed. Don't let a smartphone "out smart" you - take the reigns of your investigation.
Dr Gareth Owenson is the course leader for the Forensic Computing programme at the University of Portsmouth. He teaches extensively in forensics, cryptography and malware analysis. His research expertise is in darknets, where he is presenting working on alternative approaches that may lead to novel applications of the blockchain. Gareth also has a strong interest in Memory Forensics, and undertakes work into application-agnostic extraction of evidence by using program analysis.
Gareth has a PhD in Computer Science (2007) and has taught at several Universities throughout the UK.
Phishing and Spear Phishing attacks are the number one starting point for most large data breaches. However, no traditional security technology is currently able to mitigate the risks associated with these type of threats. Join this webinar to learn why phishing attacks are so successful, what capabilities organizations need to carry out a forensic investigation and what questions you need to be able to answer following an attack to respond effectively.Read more >
Forensics: The DFCB and the ABA ResolutionRead more >
No one has ever said life as an incident response professional is easy. According to a number of sources, as many as 100,000 new malware threats are released every day.
Luckily, Responder PRO is here to help. With its powerful memory forensics and malware identification capabilities, Responder PRO allows incident response professionals to collect and analyze critical threat intelligence that can only be found in physical memory such as chat sessions, registry keys, encryption keys, and socket information. With this information, incident responders can effectively validate and respond to a security incident.
During our webinar we will walk through some of the newest and dirtiest pieces of malware around as we show you how Responder PRO can identify and analyze today’s most advanced threats in real-time.
By the time sophisticated cyber criminals gain access to your network, they may already possess incredible insight into the culture, infrastructure, security and day-to-day operations of your company. How are they able to obtain such information? Reconnaissance is the FIRST stage in remote exploitation performed in a targeted attack and can take place over a period of days, weeks or even years prior to the attacker ever delivering his first phishing email. Just what sensitive information has your company, your employees, your vendors or your customers made publicly available, either knowingly or inadvertently? Though a tweet or social media post may be harmless on its own, in aggregate, a company may suffer a weakened security posture if details such as key individuals, sensitive projects, financial projections and internal politics are disclosed in a public forum.This talk will focus on ways you can access and reduce your online disclosures. Take the "win" out of reconnaissance for the attacker by cutting off his pre-attack intelligence sources.Read more >
As attackers and attack vectors have evolved, more and more evidence pertaining to breaches and data exfiltration attacks exist only in traffic. In this presentation we'll discuss the newest attacks and demonstrate the attacks and associated network forensics to piece together how the attacks happened. We'll look at common "browse by" hacks, rootkit based exfiltration, and covert channel communications as the attack vectors and how to investigate them.Read more >
The use of web enabled devices has profoundly changed the world we live in. The average American now spends upwards of 10 hours per day in front of some form of electronic medium. More and more, the smart phone is becoming the device of choice to communicate, get news/information, and share social information on a real time basis. This is how people navigate through today's world and has had a significant behavioral impact as a result.
Internal Auditors can benefit greatly from understanding how to best integrate this new wealth of information in their audits and investigations. The future of both audits and investigations will need to rely more on technology but cannot neglect the impact and role of the “human element”. Points of particular interest include:
•social media searches to identify where someone has been and plans to be,
•location enabled services identifying where someone's phone (and presumably they) have been,
•devices and apps measuring and sharing individual’s mobility and activity,
•the trend towards this data going directly to the public cloud, and
•the emergence of the "internet of things".
Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so they can effectively contain the threat and secure their network.
In interactive this session, you will learn about:
• The key use cases for network forensics
• The typical organization that acquires network forensics technologies
• How FireEye Enterprise Forensics enables the proper response to today’s cyber attacks
In February 2009, the National Research Council of the National Academies released its report entitled Strengthening Forensic Science in the United States: A Path Forward. The substantive findings underscore that many traditional forensic disciplines are in scientific crisis, having never been the subject of rigorous validation. This presentation outlines the major findings of the Report, and the impact it will have on the roles of prosecutors, defense attorneys and judges in the rapidly evolving scientific/legal landscape.Read more >