SANS presented materials from the Digital Forensics & Incident Response Summit 2016.
- All About that (Data)Base
  Matt Bromiley and Jacob Christie
- Analyzing Dridex, Getting Owned by Dridex, and Bringing in the New Year with Locky
  sudosev
- CryptoLocker Ransomware Variants are Lurking In the Shadows; Learn How to Protect Against Them
  Ryan Nolette
- Defending a Cloud
  Troy Larson, Microsoft Security Response Center – Azure
- Deleted Evidence – Fill in the Map to Luke Skywalker
  David Pany and Mary Singh
- Dive into DSL – Digital Response Analysis with Elasticsearch
  Brian Marks and Andrea Sancho Silgado
- Expanding the Hunt – A Case Study in Pivoting Using Passive DNS and Full PCAP
  Gene Stevens and Paul Vixie
- FLOSS Every Day – Automatically Extracting Obfuscated Strings from Malware
  William Ballenthin and Moritz Raabe
- Hadoop Forensics
  Kevvie Fowler
- Hello Barbie Forensics
  Andrew Blaich and Andrew Hay
- Incident Response Playbook for Android and iOS
  Andrew Hoog
- iOS of Sauron – How iOS Tracks Everything You Do
  Sarah Edwards
- Leveraging Cyber Threat Intelligence in an Active Cyber Defense
  Robert M. Lee and Erick Mandt
- Plumbing the Depths – Windows Registry Internals
  Eric Zimmerman
- Potential for False Flag Operations in the DNC Hack
  Jake Williams
- Puzzle Solving and Science – The Secret Sauce of Innovation in Mobile Forensics
  Crowley, Hoog, Leong, Mahalik, and Murphy
- Rising from the Ashes – How to Rebuild a Security Program Gone Wrong…with Help from Taylor Swift
  Shelly Giesbrecht and Mike Hracs
- Rocking Your Windows EventID with ELK Stack
  Rodrigo Ribeiro Montoro
- Seeing Red – Improving Blue Teams with Red Teaming
- Start-Process PowerShell – Get Forensic Artifact
  Jared Atkinson
- stoQ’ing Your Splunk
  Ryan Kovar and Marcus LaFerrera
- To Automate or Not to Automate – That is the Incident Response Question
  Brian Carrier
- Tracking Threat Actors through YARA Rules and Virus Total
  Kevin Perlow and Allen Swackhamer
- Trust but Verify – Why, When and How
  Mari DeGrazia
- UAV Forensic Analysis
  David Kovar
- Using Endpoint Telemetry to Accelerate the Baseline
  Keith McCammon
- What Does my SOC Do – A Framework for Defining an InfoSec Ops Strategy
  Austin Murphy
- What Would You Say You Do Here – Redefining the Role of Intelligence in Investigation
  Rebekah Brown, Rapid7
- Who Watches the Smart Watches
  Brian Moran