Breaches Be Crazy | Eric Capuano & Whitney Champion
- Published on 6 Feb 2025
- Incident response is becoming difficult to manage in the era of large-scale breaches involving tens or even hundreds of compromised systems. Outdated techniques often leave responders spending countless hours simply imaging devices, losing precious time for analysis and the actual investigation. We plan to discuss how we perform forensic analysis at scale across many systems using the triage acquisition tool Velociraptor coupled with the collaborative analysis tool Timesketch. This approach closes the gap between initial response and detailed analysis by many hours, if not days, for large breaches. Our approach is unique in that we have fully automated the entire process, all the way up to producing a multi-system timeline for the analyst. We'll give a deep dive into the fast and effective technique we've developed that takes even a large-scale IR from triage to analysis within a small number of hours.
View upcoming Summits: www.sans.org/u/DuS
Download the presentation slides (SANS account required) at www.sans.org/u...
#IncidentResponse #IR #Breach