NEW SANS Stay Sharp Training - Live Online: Quickly sharpen your skills with 2-day management courses. Save 25% thru tomorrow!


To attend this webcast, login to your SANS Account or create your Account.

SANS @MIC Talk - That’s odd…or is it evil? How do you triage a system that may be under attack?

  • Wednesday, May 13, 2020 at 8:30 PM EDT (2020-05-14 00:30:00 UTC)
  • Steve Anson

You can now attend the webcast using your mobile device!



Most incidents begin with an anomaly. Something on a system or in a log file that just looksoff. Being able to investigate these anomalies is a critical skill for any incident responder, system administrator, or SOC analyst to possess. Join Steve Anson, author of Applied Incident Response (, to learn techniques that you can apply in your environment to interrogate local or remote systems and better understand if they are part of an incident, or just having a bad day.

Speaker Bio

Steve Anson

Steve Anson is a Director with Forward Defense, a leading IT security and incident response company headquartered in Abu Dhabi. Previously, he served as a special agent with the US Department of Defense and on an FBI Cyber Crime Task Force, leading complex investigations into cyber-related offences including network intrusion incidents, terrorism, fraud and crimes against children. Steve also served as an instructor at the FBI Academy and for the US Department of State, providing network intrusion investigation and digital forensics training to thousands of students from US law enforcement agencies as well as national police, prosecutors and judges from dozens of countries.

Throughout his career, Steve has received a number of industry credentials, including Certified Information Systems Security Professional (CISSP), EnCase Certified Examiner (EnCE), Cellebrite Certified Mobile Examiner (CCME), US Department of Defense Certified Computer Crime Investigator and US Federal Law Enforcement Training Center Seized Computer Evidence Recovery Specialist (SCERS). He has served as an Adjunct Professor for George Washington University’s Master of Computer Forensics program, is a certified Lead Assessor for laboratory competence in ISO 17025:2005 with the American Association for Laboratory Accreditation, and is the co-author of Mastering Windows Network Forensics and Investigations from Wiley Publishing.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.