Your organizations information is at risk. Learn how to protect it at SANS Minneapolis - August 12-17.

London June 2018

London, United Kingdom | Mon, Jun 4 - Tue, Jun 12, 2018
This event is over,
but there are more training opportunities.

The Forensic World of Windows 10 Updates

  • Alissa Torres
  • Tuesday, June 5th, 7:00pm - 8:00pm

As digital forensics/incident response (DFIR) professionals, we must constantly train to survive!

The pace of Windows 10 updates has been breakneck, with some impressive (and not so impressive) changes. Introduction of enhanced user experience and security features such as Timeline, Cloud Clipboard, Sets, Cortana and Edge integrations and WSL (Windows Subsystem for Linux) have created some incredible new artifacts for investigation. In the newest versions of Windows 10, some of the foundational evidentiary artifacts used to determine program execution, file modification and access and browsing history have shifted and/or expanded. As the prevalence of Windows 10 continues to grow, investigators are required to deep dive into unknown territory, encountering new applications and forensic artifacts. Success will depend on the ability to define normal and spot anomalies. Will you know what normal looks like and where to find it? Alissa will introduce attendees to some direct applications of "Know Normal: Find Evil" for Windows 10 analysis as well as ways to sidestep several time-wasting rabbit holes.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Monday, June 4
Session Speaker Time Type
So, You Wanna Be a Pentester? Adrien de Beaupre Monday, June 4th, 6:00pm - 7:00pm SANS@Night
Weaponizing Memory Leak Bugs Stephen Sims Monday, June 4th, 7:00pm - 8:00pm SANS@Night
Tuesday, June 5
Session Speaker Time Type
Danger Stewards - Measuring Risk and Predicting the Future for Fun and Profit Doc Blackburn Tuesday, June 5th, 6:00pm - 7:00pm SANS@Night
The Forensic World of Windows 10 Updates Alissa Torres Tuesday, June 5th, 7:00pm - 8:00pm SANS@Night