SIFT Workstation - The Art of Incident Response
- Rob Lee
- Sunday, September 9th, 6:00pm - 7:00pm
An international team of forensics experts helped create the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, that can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated. The SANS Investigative Forensic Toolkit has become the most popular download on the SANS website. Over the past year, 20,000 individuals have downloaded the SIFT workstation and has become a staple in many organizations key tools to perform investigations.
Learn how to use the SIFT workstation during Incident response in an real case where APT-like adversaries have compromised an enterprise network. This session will demonstrate some of the key tools and capabilities of the suite. You will learn how to leverage this powerful tool in your incident response capability in your organizations.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.