Crystal City 2012

Arlington, VA | Thu, Sep 6 - Tue, Sep 11, 2012

SIFT Workstation - The Art of Incident Response

  • Rob Lee
  • Sunday, September 9th, 6:00pm - 7:00pm

An international team of forensics experts helped create the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, which can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and intrusion response can be accomplished using cutting-edge open-source tools that are freely available and frequently updated. The SANS Investigative Forensic Toolkit has become the most popular download on the SANS website. Over the past year, 20,000 individuals have downloaded the SIFT Workstation, and it has become a staple among the key tools many organizations use to perform investigations.

Learn how to use the SIFT Workstation during incident response in a real case where APT-like adversaries have compromised an enterprise network. This session will demonstrate some of the key tools and capabilities of the suite. You will learn how to leverage this powerful tool in your organization's incident response capability.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Thursday, September 6

| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Dr. Eric Cole | Thursday, September 6th, 8:15am - 8:45am | Special Events |
| Why our Defenses are Failing us. One Click is All it Takes... | Bryce Galbraith | Thursday, September 6th, 7:00pm - 8:00pm | SANS@Night |

Friday, September 7

| Session | Speaker | Time | Type |
|---|---|---|---|
| GIAC Program Overview | Toby Gouker | Friday, September 7th, 7:00pm - 8:00pm | Special Events |
| SANS Technology Institute Brief | Toby Gouker | Friday, September 7th, 7:00pm - 8:00pm | Special Events |

Saturday, September 8

| Session | Speaker | Time | Type |
|---|---|---|---|
| Practical, Efficient Unix Auditing (With Scripts) | James Tarala | Saturday, September 8th, 6:00pm - 7:00pm | SANS@Night |

Sunday, September 9

| Session | Speaker | Time | Type |
|---|---|---|---|
| SIFT Workstation - The Art of Incident Response | Rob Lee | Sunday, September 9th, 6:00pm - 7:00pm | SANS@Night |
| Why Do Organizations Get Compromised? | Dr. Eric Cole | Sunday, September 9th, 7:00pm - 9:00pm | SANS@Night |