iPad Air 2, Samsung Galaxy Tab A, or $350 Off with SANS Online Training Right Now!

DFIRCON 2014

Monterey, CA | Wed, Mar 5 - Mon, Mar 10, 2014
This event is over,
but there are more training opportunities.

Malware Analysis Essentials Using REMnux

  • Lenny Zeltser
  • Thursday, March 6th, 6:00pm - 7:00pm

Though some tasks for analyzing Windows malware are best performed on Windows laboratory systems, there is a lot you can do on Linux with the help of free and powerful tools. REMnux is an Ubuntu distribution that incorporates many such utilities. This practical session presents some of the most useful REMnux tools. Lenny Zeltser, who teaches SANS' reverse-engineering malware course, will share how you can use the utilities installed on REMnux to:

  • Assess suspicious Windows executable files
  • Explore infection artifacts in a network capture file
  • Examine malicious document and media files

If you haven't experimented with Linux-based tools for malware analysis, you've been missing out. And if you've been meaning to begin exploring the field of malware analysis, this talk will help you get started.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Lunch & Learn: Short presentations given during the lunch break.
Additional Sessions
Session Speaker Type
GIAC Program Overview Rob Lee Special Events
SANS Technology Institute Open House Rob Lee Special Events
Wednesday, March 5
Session Speaker Time Type
Welcome to SANS Rob Lee Wednesday, March 5th, 8:15am - 8:45am Special Events
DFIReception - Forensicators Unite! Wednesday, March 5th, 6:00pm - 7:00pm Reception
Keynote: Have no fear - DFIR is here! Rob Lee, Chad Tilbury, Alissa Torres, Phil Hagen, and Lenny Zeltser Wednesday, March 5th, 7:00pm - 8:30pm SANS@Night
Thursday, March 6
Session Speaker Time Type
Malware Analysis Essentials Using REMnux Lenny Zeltser Thursday, March 6th, 6:00pm - 7:00pm SANS@Night
Panic! Hysteria! No malware required! John Strand Thursday, March 6th, 7:00pm - 8:00pm SANS@Night
There's *GOLD* in them thar package management databases! Phil Hagen Thursday, March 6th, 8:00pm - 9:00pm SANS@Night
Friday, March 7
Session Speaker Time Type
Sick Anti-Forensics Mechanisms in the Wild Alissa Torres Friday, March 7th, 6:00pm - 7:00pm SANS@Night
Forensic Handling of the iPhone 5c and 5s Heather Mahalik Friday, March 7th, 7:00pm - 8:00pm SANS@Night
Standards for Cyber Threat Intelligence Greg Farnham - Master's Degree Candidate Friday, March 7th, 7:00pm - 7:40pm Special Events
A 10 Second Journey: Parsing the structure of the Windows 8 Prefetch Artifact Jared Atkinson Friday, March 7th, 8:00pm - 9:00pm SANS@Night
Saturday, March 8
Session Speaker Time Type
GIAC/STI Overview Saturday, March 8th, 12:30pm - 1:15pm Lunch and Learn
Sunday, March 9
Session Speaker Time Type
Closing the Door on Web Shells Anuj Soni Sunday, March 9th, 7:00pm - 8:00pm SANS@Night