BSides Kent: The Gist of Hundreds of Incident Response Cases
This talk looks at how focusing on key forensic data can make incident response more efficient. The main points are tracking attackers' lateral movement paths, identifying hidden backdoors, and working smarter rather than harder. It also introduces the lesser-known forensic artifacts MPLogs and the bitmap cache. 2025-5-16 20:46:30 Author: dfir.ch

Abstract

How to become an Incident Response Rockstar? After conducting hundreds of Incident Response cases, one lesson stands out: more data is not always better. Focusing on the most relevant forensic data can speed up an investigation considerably. In this talk, we will discuss the importance of various event logs for tracking down the attackers' lateral movement paths, how to find planted (and seemingly legitimate) backdoors, and how you can work smarter, not harder - which also holds true in digital forensics. As a bonus, we will discuss less-known artifacts like MPLogs and the bitmap cache. By attending this talk, participants will become better and more efficient Incident Responders, able to focus on the key aspects of an investigation.

Gist Abstract

Figure 1: The Gist of Hundreds of Incident Response Cases

YouTube Video

Not recorded.


Source: https://dfir.ch/talks/bsides_kent_2025/