iPad Air 2, Samsung Galaxy Tab A, or $350 Off with SANS Online Training Right Now!

Boston 2012

Boston, MA | Mon, Aug 6 - Sat, Aug 11, 2012
This event is over,
but there are more training opportunities.

SIFT Workstation - The Art of Incident Response

  • Rob Lee

An international team of forensics experts helped create the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, that can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated. The SANS Investigative Forensic Toolkit has become the most popular download on the SANS website. Over the past year, 20,000 individuals have downloaded the SIFT workstation and has become a staple in many organizations key tools to perform investigations.

Learn how to use the SIFT workstation during Incident response in an real case where APT-like adversaries have compromised an enterprise network. This session will demonstrate some of the key tools and capabilities of the suite. You will learn how to leverage this powerful tool in your incident response capability in your organizations.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Additional Sessions
Session Speaker Type
Infosec Rock Star: How to be a More Effective Security Professional Ted Demopoulos Special Events
GIAC Program Overview Special Events
SANS Technology Institute Brief Special Events
SIFT Workstation - The Art of Incident Response Rob Lee SANS@Night
What's New in Windows 8 and Server 2012? Jason Fossen SANS@Night
Monday, August 6
Session Speaker Time Type
General Session - Welcome to SANS Monday, August 6th, 8:15am - 8:45am Special Events
Keynote: Windows Exploratory Surgery with Process Hacker Jason Fossen Monday, August 6th, 7:15pm - 8:45pm Special Events