Tech

Sniper Forensics: Reloaded


Expo Theatre (Hall G) October 23, 2012

Chris Pogue

The more things change, the more they stay the same. The first volley of Sniper Forensics presentations focused on single-system forensic methodology, data acquisition, interpretation, and ultimately the identification of the Indicators of Compromise found in a breach. In this round, Sniper Forensics takes aim at the world of Incident Response with the same deadly accuracy that made it the most efficient and effective investigative methodology of its time.

The attendees will be introduced to the common elements in Incident Response cases, to include the challenges of responding to environments with a widespread and diverse topology, multiple computing platforms and operating systems, and massive quantities of network logs and packet captures. Then they will be shown how the Sniper Forensics methodology can help them identify the key elements of the incident, generate potential targets, engage those targets, and eliminate them.

This material is both unique and insightful, as it takes an existing forensic methodology with a proven success record and adapts it to the complex world of incident response. As with the previous three talks, attendees will be able to walk out of the conference and immediately implement their newly learned skills in their jobs, responding to incidents within their own organizations.