SIFT Workstation - The Art of Incident Response
- Rob Lee
An international team of forensics experts helped create the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, that can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated. The SANS Investigative Forensic Toolkit has become the most popular download on the SANS website. Over the past year, 20,000 individuals have downloaded the SIFT workstation and has become a staple in many organizations key tools to perform investigations.
Learn how to use the SIFT workstation during Incident response in an real case where APT-like adversaries have compromised an enterprise network. This session will demonstrate some of the key tools and capabilities of the suite. You will learn how to leverage this powerful tool in your incident response capability in your organizations.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
|Infosec Rock Star: How to be a More Effective Security Professional||Ted Demopoulos||Special Events|
|GIAC Program Overview||—||Special Events|
|SANS Technology Institute Brief||—||Special Events|
|SIFT Workstation - The Art of Incident Response||Rob Lee||SANS@Night|
|What's New in Windows 8 and Server 2012?||Jason Fossen||SANS@Night|
Monday, August 6
|General Session - Welcome to SANS||—||Monday, August 6th, 8:15am - 8:45am||Special Events|
|Keynote: Windows Exploratory Surgery with Process Hacker||Jason Fossen||Monday, August 6th, 7:15pm - 8:45pm||Special Events|