Thursday, May 15 • 1:30pm - 5:30pm
Intermediate Computer Forensic Analysis - Workshop 3, Afternoon Session

In this hands-on lab, we will cover approaches for analyzing various types of electronic evidence.
Attendees will develop an understanding of what evidence can be retrieved from a disk image, memory image and log data and how to recognize evidence related to unauthorized activity.

Memory analysis techniques will cover analyzing injected processes, creating IOCs from indicators in memory, and creating timelines from memory images. Disk analysis will cover techniques to identify when malware was created on the system and when it was executed, and to identify signs of lateral movement and other internal reconnaissance activities. Log analysis techniques will help attendees identify the scope of external threat activity, what tools may have been deployed, and how they were used to access additional resources.

Attendees will learn how to analyze:

· Process lists
· Network connections
· Registry keys used for persistence
· Files used by malware
· Process injected binaries
· Configuration files used by malware

Jeffrey Dye

Manager, Advisory - Forensics, PwC
Jeffrey is a Manager in the Advisory-Forensics practice at PwC with 6 years of experience in the fields of forensic investigations, malware capability, cybercrime and information security consulting.

He has led multiple computer forensic investigations dealing with PCI/PII...

Thursday May 15, 2014 1:30pm - 5:30pm
Salon 6B