Talk: The Light Side of the Force: PowerShell for Incident Handlers

  • Speakers:
    Steve Anson
    July 24, 2019 (6:00 - 7:30 pm)


    Amcham (American Chamber of Commerce) Philippines
    2nd Floor, Corinthian Plaza Building
    121 Paseo de Roxas
    Makati City


18:00-18:30 Registration

18:30-19:30 Presentation

With all the talk about using PowerShell for offense, it's time to give incident response teams a dose of the force and illustrate ways in which PowerShell can make your life easier. Get a PowerShell primer and learn how to build system baselines, threat hunt, look for indicators of compromise, efficiently parse event logs, and automate many other network defense operations. Additional details available at www.AppliedIncidentResponse.com.

Steve Anson, SANS Certified Instructor

Steve Anson is a Director with Forward Defense. Since 2007, Steve has provided strategic and tactical advice to a diverse range of global clientele in the areas of incident response, digital forensics, and network security.

Steve was a special agent with the Department of Defense Criminal Investigative Service, where he investigated cyberattacks against its Global Information Grid, the world's largest computer network. In this role, he oversaw international computer crime investigations with substantial impact on America's national security.

Throughout his career, Steve has received a number of industry credentials, which include: Certified Information Systems Security Professional (CISSP), EnCase Certified Examiner (EnCE), Cellebrite Certified Mobile Examiner (CCME), Department of Defense Certified Computer Crime Investigator, Seized Computer Evidence Recovery Specialist (SCERS), GIAC Certified Incident Handler (GCIH) and GIAC Penetration Tester (GPEN). He has served as an Adjunct Professor for George Washington University's Master of Computer Forensics program, and is a certified Lead Assessor for laboratory competence in ISO 17025:2005 with the American Association for Laboratory Accreditation.

Steve holds an MS in Computer Science and is the co-author of Mastering Windows Network Forensics and Investigations from Wiley Publishing.

He hosts free resources for IT Security professionals at www.AppliedIncidentResponse.com.