When a breach happens, chaos ensues. However, for proactive organizations, a digital forensics capability can bring order to chaos and contribute to minimizing overall business impact. Digital forensics plays an integral role in any effective response to a security incident and in its aftermath.
Digital forensics investigations can help you:
• Assess which assets were compromised
• Determine what unauthorized activities were carried out
• Establish an appropriate mitigation strategy
• Assess impact to the organization for a variety of stakeholders
• Learn from previous incidents to adjust security strategy using your own threat intelligence
In this webcast, Randy Stone of the Dell SecureWorks’ Incident Response and Digital Forensics practice will share examples of how digital forensics techniques were used to understand threat actors, attack methods, and impact to organizations. Randy will highlight key operational and technical capabilities required to build and sustain a digital forensics function. He will share common mistakes made by response teams that inhibit the ability to investigate and determine the facts around an incident. Lastly, he will share tips and guidance for how organizations can assess the maturity of their digital forensics capabilities.
In this webcast, you will:
• Hear examples of previous incidents and how digital forensics techniques were used to assess impact and respond accordingly
• Find out common pitfalls that prevent an effective forensic investigation of an incident
• Learn strategies for assessing the digital forensics capabilities of your organization’s incident management function
The Digital Forensic Certification Board exists to promote professionalism, trust and confidence in the digital forensics profession by providing professional certifications.
Digital Forensic Certified Practitioner (DFCP) Based on Experience
Digital Forensic Certified Associate (DFCA) Based on Experience
The current institutional structure of police forensics gives each lab a monopoly in the analysis of the police evidence it receives.
Forensic scientists have inadequate incentives to produce reliable analyses of police evidence. We should have "competitive self regulation" for police forensics. Each jurisdiction would have several competing forensic labs. Sometimes, evidence would be divided and sent to three separate labs. Chance would determine which labs would receive evidence to analyze. Competitive self regulation improves forensics by creating incentives for error prevention, detection and correction. Surprisingly, it would also reduce the costs of running the criminal justice system.
Digital Forensics and the PI Laws: What is happening, and what you can do to help!
The organization of forensic science creates inappropriate biases that will sometimes skew results from the truth. These biases exist even when forensic scientists are perfectly rational and untouched by the sort of psychological infirmities some researchers have emphasized.
Because perfectly rational actors are Bayesian updaters, we may use the term "Bayesian bias" to identify this organizational problem in forensics.
As smartphones become more secure, what has changed for us forensically? What are the different types of security measures being deployed and how do these affect our processes? Which acquisition methods are best for secured devices? If you get an image of the device, can your current forensic methods provide you access for analysis? And most of all, will these security mechanisms keep your private data safe?
This presentation will go into detail on each of these topics and dive into ways around some of these security features on smartphones. White papers, tools (including open source) and methods written and developed by those in our community will be discussed. Don't let a smartphone "outsmart" you - take the reins of your investigation.
Forensics: The DFCB and the ABA Resolution
No one has ever said life as an incident response professional is easy. According to a number of sources, as many as 100,000 new malware threats are released every day.
Luckily, Responder PRO is here to help. With its powerful memory forensics and malware identification capabilities, Responder PRO allows incident response professionals to collect and analyze critical threat intelligence that can only be found in physical memory such as chat sessions, registry keys, encryption keys, and socket information. With this information, incident responders can effectively validate and respond to a security incident.
During our webinar we will walk through some of the newest and dirtiest pieces of malware around as we show you how Responder PRO can identify and analyze today’s most advanced threats in real-time.
By the time sophisticated cyber criminals gain access to your network, they may already possess incredible insight into the culture, infrastructure, security and day-to-day operations of your company. How are they able to obtain such information? Reconnaissance is the FIRST stage in remote exploitation performed in a targeted attack and can take place over a period of days, weeks or even years prior to the attacker ever delivering his first phishing email. Just what sensitive information has your company, your employees, your vendors or your customers made publicly available, either knowingly or inadvertently? Though a tweet or social media post may be harmless on its own, in aggregate, a company may suffer a weakened security posture if details such as key individuals, sensitive projects, financial projections and internal politics are disclosed in a public forum. This talk will focus on ways you can assess and reduce your online disclosures. Take the "win" out of reconnaissance for the attacker by cutting off his pre-attack intelligence sources.
As attackers and attack vectors have evolved, more and more evidence pertaining to breaches and data exfiltration attacks exists only in network traffic. In this presentation we'll discuss the newest attacks and demonstrate the attacks and associated network forensics to piece together how the attacks happened. We'll look at common "browse by" hacks, rootkit based exfiltration, and covert channel communications as the attack vectors and how to investigate them.
Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so they can effectively contain the threat and secure their network.
In this interactive session, you will learn about:
• The key use cases for network forensics
• The typical organization that acquires network forensics technologies
• How FireEye Enterprise Forensics enables the proper response to today’s cyber attacks
In February 2009, the National Research Council of the National Academies released its report entitled Strengthening Forensic Science in the United States: A Path Forward. The substantive findings underscore that many traditional forensic disciplines are in scientific crisis, having never been the subject of rigorous validation. This presentation outlines the major findings of the Report, and the impact it will have on the roles of prosecutors, defense attorneys and judges in the rapidly evolving scientific/legal landscape.
What is computer forensics? How many people typically work on a project … what can they do remotely … when is it better for them to come onsite? And what about those strange terms – the bits and bots and binaries? Join Kroll expert Jonathan Fairtlough to learn about how computer forensics works, and what it can show you in your quest to know what’s going on with your data.
Analysis of the registry greatly aids in a number of investigative processes due to the amount and type of information stored. For example, when examining user activity, the registry can reveal installed applications, recently viewed documents, login, browser history, and removable device activity, and much more. The registry can also provide a wealth of information during malware analysis including signs of the initial infection, changes made to the system by the malware, and evidence of persistence mechanisms used.
In this webinar we will discuss how to acquire the registry and its files from both disk and memory, followed by how to analyze the acquired files. This will involve using several tools and understanding the evidence they present to us. By the end of the webinar, attendees will understand the importance of registry forensics, and will have been shown several processes as well as free/open source tools used to perform deep registry analysis. The knowledge gained will be immediately usable within real-world forensic investigations and will give systems administrators, managers, and IT executives insight into the power of registry forensics.
Nobody wants to fall sick, and yet we all do. By the same token, nobody expects their systems to be breached, and yet it happens. When that happens, companies need a blend of Digital Forensics and Incident Response expertise to deal with the incident. However, the distinction between these two related but different services and their roles in responding to a breach are often not clear to the victims of the breach. In this session, Vivek Chudgar, Director of FireEye Labs (APAC), will explain the key differences between Digital Forensics and Incident Response and demystify the role each service plays in effectively responding to a breach.
Today’s breed of attacker is not looking to be a short-term and visible nuisance. They utilize stealthy and sophisticated malware that is designed to be difficult to detect and distinguish from legitimate traffic patterns. Once embedded in the network, these attackers may stay inactive for months before using compromised hosts to attack other parts of the organization including point of sale machines, ATMs and backend servers and to ultimately exfiltrate sensitive data.
In order to really understand subtle, targeted attacks, financial enterprise security teams need a complete record of all network traffic. Security analytics that leverages big data technologies allows security teams to collect and store all the traffic entering and leaving the corporate network. The goal is to be able to play, pause and rewind network data, view attacks and attackers from different perspectives, identify zero day attacks and pinpoint data exfiltration. Security analytics can help speed forensic analysis to determine the effectiveness of controls, tighten security for better future protection and support compliance requirements.
Attend this webcast to hear from Scott Crane, founder of Packetloop (recently acquired by Arbor Networks), and learn:
• How using security analytics can help detect real-time or pre-existing attacks
• How security analytics can be a force multiplier, making network and security teams the experts
• How providing a richer picture into networks and more security context can help you solve problems faster and reduce the risk to your business
• How to lower the barrier to entry for organizations looking to deploy and operate security analytics