
Security East 2017

New Orleans, LA | Mon, Jan 9 - Sat, Jan 14, 2017
This event is over, but there are more training opportunities.

Zero In on the Artifacts That Matter

  • Matt Bromiley
  • Wednesday, January 11th, 8:15pm - 9:15pm

Investigators don't have it easy these days. Between finding a single needle in multiple haystacks and trying to stop every attacker before they enter the network, there can be an overwhelming amount of data to parse through. It's time to focus in on capturing and analyzing the artifacts that matter.

In this @Night series, Matt Bromiley will examine artifacts of program execution that can be used in your next investigation or hunt to determine whether a program was executed. Focusing on native Windows artifacts, this presentation will dig deep into what these artifacts mean, how to interpret the results, and what the next steps may be.

We will tackle capturing these artifacts from a single system or en masse from an enterprise, and how to scale analysis from one to many. This presentation will be helpful for investigators and hunters alike, as we will also discuss how to examine artifacts to look for outliers and anomalies within an environment.

As the old saying goes, "Malware can hide, but it must run!" Let's go catch it.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Monday, January 9

Session | Speaker | Time | Type
General Session - Welcome to SANS | Paul Henry | Monday, January 9th, 8:00am - 8:30am | Special Events
The Current Reality: Defending a Compromised Network | Eric Cole | Monday, January 9th, 7:15pm - 9:15pm | Keynote

Tuesday, January 10

Session | Speaker | Time | Type
Actionable Detects: Blue Team Cyber Defense Tactics | Seth Misenar | Tuesday, January 10th, 7:15pm - 8:15pm | SANS@Night

Wednesday, January 11

Session | Speaker | Time | Type
Infosec State of the Union | Jake Williams | Wednesday, January 11th, 7:15pm - 8:15pm | SANS@Night
Zero In on the Artifacts That Matter | Matt Bromiley | Wednesday, January 11th, 8:15pm - 9:15pm | SANS@Night

Thursday, January 12

Session | Speaker | Time | Type
HTTPDeux | Adrien de Beaupre | Thursday, January 12th, 7:15pm - 8:15pm | SANS@Night