OnDemand + GIAC - Get your Certification Attempt Included for a Limited Time!

Prague, Czech Republic | Sun, Oct 7 - Sat, Oct 13, 2012
This event is over,
but there are more training opportunities.

SIFT Workstation - The Art of Incident Response

  • Rob Lee
  • Monday, October 8th, 6:00pm - 7:00pm

An international team of forensics experts helped create the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, that can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated. The SANS Investigative Forensic Toolkit has become the most popular download on the SANS website. Over the past year, 20,000 individuals have downloaded the SIFT workstation and has become a staple in many organizations key tools to perform investigations.

Learn how to use the SIFT workstation during Incident response in an real case where APT-like adversaries have compromised an enterprise network. This session will demonstrate some of the key tools and capabilities of the suite. You will learn how to leverage this powerful tool in your incident response capability in your organizations.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Monday, October 8
Session Speaker Time Type
SIFT Workstation - The Art of Incident Response Rob Lee Monday, October 8th, 6:00pm - 7:00pm SANS@Night
Wednesday, October 10
Session Speaker Time Type
Big Brother Forensics: Location-based Artifacts Chad Tilbury Wednesday, October 10th, 6:00pm - 7:00pm SANS@Night
Thursday, October 11
Session Speaker Time Type
IT Security 101 Oversights = Compromise + Poor Incident Evidence Steve Armstrong Thursday, October 11th, 6:00pm - 7:00pm SANS@Night