4 Days left to get a GIAC Certification Attempt Included with Online Training - Register Today!

Press


SANS Institute Makes it Easier for Forensic Investigators to Monitor Insider Threats

Revamped Memory Analysis Course Helps Practitioners Stay Ahead of Insiders

  • Bethesda, MD
  • April 30, 2014

To provide digital forensic and incident response (DFIR) professionals with a more exact and efficient way to investigate advanced attacks, SANS Institute today announced a complete revamp of its SANS FOR526: Memory Analysis In-Depth course. The significantly modified course places greater emphasis on the practitioner, arming analysts with cutting-edge memory analysis techniques that will have a better chance of detecting and stopping a breach, guarding against data theft and PII disclosure.

"Insider threats have become increasingly more advanced, yet they continue to be ignored as the focus remains primarily on external threats," said Jake Williams (@MalwareJake), SANS Instructor. "Fortunately for investigators, monitoring the insider may be as easy as using memory forensics. The revamped Memory Analysis course focuses on tasks that practitioners should regularly perform, providing investigators with the skills necessary to identify compromised endpoints and the knowledge to determine which of these endpoints holds the most critical data."

Adding memory forensics techniques to the IR team's repertoire delivers greater ROI than any other investigative technique. Often, forensics technicians have discovered actionable results from memory forensics before the disk image is even complete. This week-long course provides students with the most effective and immediately useful skillset for incident responders and forensics examiners alike. The skills they will learn are changing the very response processes their security teams are using in the trenches. As a key element of the SANS Digital Forensics and Incident Response Curriculum, the Memory Analysis course delivers the most critical skills for triaging and responding to a potential compromise. This cutting-edge course covers everything you need to implement memory analysis like a pro.

"Whether capturing system memory, extracting a hibernation file or tearing apart a crash dump, a forensic examiner has multiple ways to see active processes as they were running on a system," said Alissa Torres, SANS Instructor and course author of FOR526. "In investigations from malware infections to acceptable use policy violations, catching suspicious binaries in action is central to the most challenging cases in forensics today. Memory Forensics gives examiners access to this evidence and often provides the initial thread that, when followed, unravels the story of the entire investigation."

The updated FOR526 course is available both live and online:
vLive Online - May 27 - Jun 26, 2014
http://www.sans.org/info/158075

SANS Capital City - July 7th - 11th, 2014
http://www.sans.org/info/158080

SANS San Antonio - August 11th - 16th, 2014
http://www.sans.org/info/158085

For more information about SANS FOR526: Memory Analysis In-Depth, including course locations and dates, or to register, please visit http://www.sans.org/info/157765

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)