Register now for SANS Cyber Defense Initiative 2016 and save $400.

DFIRCON 2014

Monterey, CA | Wed, Mar 5 - Mon, Mar 10, 2014

There's *GOLD* in them thar package management databases!

  • Phil Hagen
  • Thursday, March 6th, 8:00pm - 9:00pm

There is a lot of useful file metadata stored in package management databases for popular Linux distributions. The RedHat Package Manager (RPM) and Debian's dpkg are two examples. We'll focus on how to leverage RPM in forensic investigations, as it can provide a quick and effective way to find changed files that warrant more in-depth analysis. We'll also discuss potential shortfalls to consider in using this method.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Lunch & Learn: Short presentations given during the lunch break.
Additional Sessions
Session Speaker Type
GIAC Program Overview Rob Lee Special Events
SANS Technology Institute Open House Rob Lee Special Events
Wednesday, March 5
Session Speaker Time Type
Welcome to SANS Rob Lee Wednesday, March 5th, 8:15am - 8:45am Special Events
DFIReception - Forensicators Unite! Wednesday, March 5th, 6:00pm - 7:00pm Reception
Keynote: Have no fear - DFIR is here! Rob Lee, Chad Tilbury, Alissa Torres, Phil Hagen, and Lenny Zeltser Wednesday, March 5th, 7:00pm - 8:30pm SANS@Night
Thursday, March 6
Session Speaker Time Type
Malware Analysis Essentials Using REMnux Lenny Zeltser Thursday, March 6th, 6:00pm - 7:00pm SANS@Night
Panic! Hysteria! No malware required! John Strand Thursday, March 6th, 7:00pm - 8:00pm SANS@Night
There's *GOLD* in them thar package management databases! Phil Hagen Thursday, March 6th, 8:00pm - 9:00pm SANS@Night
Friday, March 7
Session Speaker Time Type
Sick Anti-Forensics Mechanisms in the Wild Alissa Torres Friday, March 7th, 6:00pm - 7:00pm SANS@Night
Forensic Handling of the iPhone 5c and 5s Heather Mahalik Friday, March 7th, 7:00pm - 8:00pm SANS@Night
Standards for Cyber Threat Intelligence Greg Farnham - Master's Degree Candidate Friday, March 7th, 7:00pm - 7:40pm Special Events
A 10 Second Journey: Parsing the structure of the Windows 8 Prefetch Artifact Jared Atkinson Friday, March 7th, 8:00pm - 9:00pm SANS@Night
Saturday, March 8
Session Speaker Time Type
GIAC/STI Overview Saturday, March 8th, 12:30pm - 1:15pm Lunch and Learn
Sunday, March 9
Session Speaker Time Type
Closing the Door on Web Shells Anuj Soni Sunday, March 9th, 7:00pm - 8:00pm SANS@Night