There's *GOLD* in them thar package management databases!
- Phil Hagen
- Thursday, March 6th, 8:00pm - 9:00pm
Package management databases for popular Linux distributions store a lot of useful file metadata. The Red Hat Package Manager (RPM) and Debian's dpkg are two examples. We'll focus on how to leverage RPM in forensic investigations, as it can provide a quick and effective way to find changed files that warrant more in-depth analysis. We'll also discuss potential shortfalls to consider when using this method.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Lunch & Learn: Short presentations given during the lunch break.
| Event | Presenter(s) | Date and time | Session type |
|---|---|---|---|
| Welcome to SANS | | Wednesday, March 5th, 8:15am - 8:45am | |
| DFIReception - Forensicators Unite! | | Wednesday, March 5th, 6:00pm - 7:00pm | |
| Keynote: Have no fear - DFIR is here! | Rob Lee, Chad Tilbury, Alissa Torres, Phil Hagen, and Lenny Zeltser | Wednesday, March 5th, 7:00pm - 8:30pm | |
| | | Saturday, March 8th, 12:30pm - 1:15pm | Lunch and Learn |