Breaches Be Crazy | Eric Capuano & Whitney Champion
ฝัง
- เผยแพร่เมื่อ 2 ต.ค. 2024
- Incident response is becoming difficult to manage in the era of large-scale breaches involving tens or even hundreds of compromised systems. Outdated techniques often leave responders spending countless hours simply imaging devices, losing precious time for analysis and actual investigation. We plan to discuss how we perform forensics analysis at scale across many systems using the triage acquisition tool Velociraptor coupled with the collaborative analysis tool Timesketch. This approach closes the gap from initial response to detailed analysis, by many hours, if not days for large breaches. Our approach is unique in that we have fully automated the entire process, all the way up to producing a multi-system timeline for the analyst. We'll give a deep dive on the fast and effective technique we've developed that takes even a large-scale IR from triage to analysis within a short number of hours.
View upcoming Summits: www.sans.org/u/DuS
Download the presentation slides (SANS account required) at www.sans.org/u...
#IncidentResponse #IR #Breach
Eric and Whitney always deliver great content, and this is no exception
New to the field as a DFE. Can this tool be used to scan devices for hash value files for CSAM material in LE investigations?
Although, PhotoDNA would be much more applicable to accurately finding csam. I imagine with proper approval, you could build PhotoDNA into velociraptor.
First
...is the worst; second is the best!
Thank you for sharing this insightful information. I am looking towards this profession experience to build towards my next career. 02sept23