Incident Response and Forensics In The Cloud
- Paul Henry, SANS Senior Instructor
- Tuesday, March 11th, 7:15pm - 9:00pm
We are pleased to acknowledge the ISACA Singapore Chapter as the co-sponsor of this event.
Grand Ballroom Two, 4th Floor
Grand Copthorne Waterfront Hotel
392 Havelock Road
Attendance at this event is free of charge however seating is limited and has been filled. If you have not already registered for this event, there is no longer space available.
The move to private and public cloud changes many things, including how we respond for IR and forensics. As an example: traditionally in a physical realm we relied upon imaging a server's hard drive as well as RAM to perform a thorough analysis. Today in the cloud, creating a forensically sound image of an "instance" of a server to capture the server's abstracted hard disk and an image of its RAM brings new technical and legal complications. An additional issue to consider is that some vendors platforms are simply not fully supported by our current IR & forensics tools; today's commercial tools lack the ability to perform any analysis at all on a VMware VMFS file system. Lastly, downloading a large server image may simply be cost prohibitive due to the high bandwidth costs associated with moving data out of the cloud environment.
The best course of action may be to perform your analysis within the cloud - however, the methods used in the analysis within the cloud must be forensically sound and as always in computer forensics, they must be repeatable and the result must be the same findings. In this session we will begin to explore the changes that simply must be made to your IR and forensics procedures to properly address IR & forensics in the cloud.
Paul Henry is a Senior Instructor with the SANS Institute and one of the world's foremost global information security and computer forensic experts with more than 20 years' experience managing security initiatives for Global 2000 enterprises and government organizations worldwide.
Paul is a principal at vNet Security, LLC and is keeping a finger on the pulse of network security as the security and forensic analyst at Lumension Security.
Throughout his career, Paul has played a key strategic role in launching new network security initiatives to meet our ever-changing threat landscape. Paul also advises and consults on some of the world's most challenging and high-risk information security projects, including the National Banking System in Saudi Arabia, the Reserve Bank of Australia, the Department of Defense's Satellite Data Project (USA), and both government as well as telecommunications projects throughout Southeast Asia.
Paul is frequently cited by major and trade print publications as an expert in computer forensics, technical security topics, and general security trends and serves as an expert commentator for network broadcast outlets, such as FOX, NBC, CNN, and CNBC. In addition, Paul regularly authors thought leadership articles on technical security issues, and his expertise and insight help shape the editorial direction of key security publications, such as the Information Security Management Handbook, where he is a consistent contributor. Paul serves as a featured and keynote speaker at seminars and conferences worldwide, delivering presentations on diverse topics including anti-forensics, network access control, cyber crime, DDoS attack risk mitigation, firewall architectures, security architectures, and managed security services.
Paul will be teaching Forensics 585: Advanced Smartphone and Mobile Device Forensics at SANS Secure Singapore (10-15 March, 2014) https://www.sans.org/event/singapore-2014
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Tuesday, March 11
|Incident Response and Forensics In The Cloud||Paul Henry, SANS Senior Instructor||Tuesday, March 11th, 7:15pm - 9:00pm||SANS@Night|
Thursday, March 13
|Advanced Exploit Writing: Use-After-Free Vulnerabilities||Stephen Sims, SANS Senior Instructor||Thursday, March 13th, 5:45pm - 7:30pm||SANS@Night|