SANS Asia-Pacific Series: APT Investigations HOWTO - The Forensic Side

  • Monday, February 10, 2014 at 7:00 PM EST (2014-02-11 00:00:00 UTC)
  • Jess Garcia


  • AISA




We are pleased to acknowledge the Australian Information Security Association (AISA) as the sponsor of this webcast.

APT (Advanced Persistent Threat) incidents, and their corresponding forensic investigations, are a major technical challenge. It is not easy to run an investigation in which dozens or even hundreds of systems have been compromised, and where attackers may use sophisticated strategies to go unnoticed.

Dealing with that complexity often requires deep computer forensics knowledge (on top of a good dose of intuition and creativity) across many disciplines, combined and coordinated in a way not commonly found in the average incident responder: registry, filesystem, memory, timelines/supertimelines, shadow volumes, malware analysis, network forensics, mobile device forensics, etc.

In this presentation, based on Jess Garcia's experience leading his IR Team at One eSecurity in massive APT investigations during the last few years, he will discuss which tools and techniques are used in a typical APT incident, and how Incident Responders can combine them to get the best results in the real world.

Speaker Bio

Jess Garcia

Jess Garcia, founder of One eSecurity, is a senior security engineer with over 15 years of experience in information security. During the last five years Jess has worked on highly sensitive projects in Europe, the United States, Latin America, and the Middle East with top global customers in the financial, insurance, corporate, media, health, communications, legal, and government sectors. His work has included incident response, computer forensics, malware analysis, security architecture design and review, and more. Previously, Jess worked for 10 years as a systems, network, and security engineer in the Spanish Space Agency, where he collaborated as a security advisor with the European Space Agency, NASA, and other international organizations. Jess is a frequent speaker at security events, having been invited to dozens of them around the world during the last few years. Jess has also contributed to several books, articles, SANS courseware, the GIAC program, etc. Jess is an active security researcher in areas such as incident response, computer forensics, and honeynets. Jess holds a Master of Science in telecommunications engineering from the Univ. Politecnica de Madrid.
