Secure Singapore 2014

Singapore, Singapore | Mon, Mar 10 - Sat, Mar 15, 2014

Incident Response and Forensics In The Cloud

  • Paul Henry, SANS Senior Instructor
  • Tuesday, March 11th, 7:15pm - 9:00pm

We are pleased to acknowledge the ISACA Singapore Chapter as the co-sponsor of this event.

19:15-20:00 Registration

20:00-21:00 Presentation

Location:

Grand Ballroom Two, 4th Floor

Grand Copthorne Waterfront Hotel

392 Havelock Road

Singapore

Attendance at this event is free of charge however seating is limited and has been filled. If you have not already registered for this event, there is no longer space available.

The move to private and public cloud changes many things, including how we respond for IR and forensics. As an example: traditionally in a physical realm we relied upon imaging a server's hard drive as well as RAM to perform a thorough analysis. Today in the cloud, creating a forensically sound image of an "instance" of a server to capture the server's abstracted hard disk and an image of its RAM brings new technical and legal complications. An additional issue to consider is that some vendors platforms are simply not fully supported by our current IR & forensics tools; today's commercial tools lack the ability to perform any analysis at all on a VMware VMFS file system. Lastly, downloading a large server image may simply be cost prohibitive due to the high bandwidth costs associated with moving data out of the cloud environment.

The best course of action may be to perform your analysis within the cloud - however, the methods used in the analysis within the cloud must be forensically sound and as always in computer forensics, they must be repeatable and the result must be the same findings. In this session we will begin to explore the changes that simply must be made to your IR and forensics procedures to properly address IR & forensics in the cloud.

Presenter Bio:

Paul Henry is a Senior Instructor with the SANS Institute and one of the world's foremost global information security and computer forensic experts with more than 20 years' experience managing security initiatives for Global 2000 enterprises and government organizations worldwide.

Paul is a principal at vNet Security, LLC and is keeping a finger on the pulse of network security as the security and forensic analyst at Lumension Security.

Throughout his career, Paul has played a key strategic role in launching new network security initiatives to meet our ever-changing threat landscape. Paul also advises and consults on some of the world's most challenging and high-risk information security projects, including the National Banking System in Saudi Arabia, the Reserve Bank of Australia, the Department of Defense's Satellite Data Project (USA), and both government as well as telecommunications projects throughout Southeast Asia.

Paul is frequently cited by major and trade print publications as an expert in computer forensics, technical security topics, and general security trends and serves as an expert commentator for network broadcast outlets, such as FOX, NBC, CNN, and CNBC. In addition, Paul regularly authors thought leadership articles on technical security issues, and his expertise and insight help shape the editorial direction of key security publications, such as the Information Security Management Handbook, where he is a consistent contributor. Paul serves as a featured and keynote speaker at seminars and conferences worldwide, delivering presentations on diverse topics including anti-forensics, network access control, cyber crime, DDoS attack risk mitigation, firewall architectures, security architectures, and managed security services.

Paul will be teaching Forensics 585: Advanced Smartphone and Mobile Device Forensics at SANS Secure Singapore (10-15 March, 2014) https://www.sans.org/event/singapore-2014

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Tuesday, March 11
Session Speaker Time Type
Incident Response and Forensics In The Cloud Paul Henry, SANS Senior Instructor Tuesday, March 11th, 7:15pm - 9:00pm SANS@Night
Thursday, March 13
Session Speaker Time Type
Advanced Exploit Writing: Use-After-Free Vulnerabilities Stephen Sims, SANS Senior Instructor Thursday, March 13th, 5:45pm - 7:30pm SANS@Night