South Florida 2015

Fort Lauderdale, FL | Mon, Nov 9 - Sat, Nov 14, 2015

IR Event Log Analysis

  • Hal Pomeranz
  • Wednesday, November 11th, 7:15pm - 8:15pm

Windows event logs contain a bewildering variety of messages. But homing in on a few key events can quickly profile attacker activity. From administrator logins, to scheduled tasks, to entries related to system services, and more, the event logs are a one-stop shop. Learn to "crack the code" and enhance your investigations by adding event log analysis to your toolset.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Lunch & Learn: Short presentations given during the lunch break.

Monday, November 9

Session | Speaker | Time | Type
General Session - Welcome to SANS | Bryan Simon | Monday, November 9th, 8:15am - 8:45am | Special Events
Smartphone and Network Forensics Goes Together Like Peas and Carrots | Heather Mahalik and Phil Hagen | Monday, November 9th, 7:15pm - 9:15pm | Keynote

Tuesday, November 10

Session | Speaker | Time | Type
DLP FAIL!!! Using Encoding, Steganography, and Covert Channels to Evade DLP and Other Critical Controls | Kevin Fiscus | Tuesday, November 10th, 7:15pm - 8:15pm | SANS@Night
Bueller... Bueller...: Smartphone Forensics Moves Fast. Stay Current or Miss Evidence. | Heather Mahalik | Tuesday, November 10th, 8:15pm - 9:15pm | SANS@Night

Wednesday, November 11

Session | Speaker | Time | Type
Prevent - Detect - Respond | Will Tipton, Security Engineer, Infogressive | Wednesday, November 11th, 12:30pm - 1:15pm | Lunch and Learn
F5 Networks Asks: In a world of encryption everywhere, how can you gain visibility into potential encrypted threats without breaking the bank? | Tim Kambourelis, Sr. Field Systems Engineer, F5 | Wednesday, November 11th, 12:30pm - 1:15pm | Lunch and Learn
IR Event Log Analysis | Hal Pomeranz | Wednesday, November 11th, 7:15pm - 8:15pm | SANS@Night
Wayback Machine Forensics/E-Discovery | Evan Dygert | Wednesday, November 11th, 8:15pm - 9:15pm | SANS@Night

Thursday, November 12

Session | Speaker | Time | Type
Bust a Cap in a Web App with ZAP | Adrien de Beaupre | Thursday, November 12th, 7:15pm - 8:15pm | SANS@Night