
This webcast has been archived.

Automating the Incident Response Process

  • Wednesday, March 04, 2015 at 1:00 PM EST (2015-03-04 18:00:00 UTC)
  • Jeffrey (J.J.) Guy, Alissa Torres


  • Carbon Black




As witnessed in 2014, big companies present big targets for hackers, but no company is immune to hacking. To cope with these increasing threats, speed of response is essential to mitigate damage and data loss. Instead of gathering evidence after a potential incident, the key to successful investigations is continuous monitoring and system "scraping."

Since attacks are assumed to be inevitable, the key is preparing for a breach so that once the threat is identified, the next steps of isolation, investigation and corrective actions can be executed as quickly and as efficiently as possible.

This webcast will provide an overview of the resources, including a process, that can be used to detect attackers more accurately and efficiently, thereby mitigating damage and data loss.

View the associated whitepaper.

Speaker Bios

Alissa Torres

Alissa Torres is founder and senior consultant for Sibertor Forensics. She is an experienced digital forensic investigator specializing in advanced computer forensics and incident response, recently serving as an advisor for an international CERT and architect of internal IR capabilities for a Fortune 100 company. Her past industry roles include senior incident handler on the Mandiant Computer Incident Response Team (MCIRT) and digital forensic examiner on an internal employee investigations team.

Alissa has taught as a Certified SANS instructor for over four years, and is lead author of the FOR526 Memory Forensics In-Depth course at the SANS Institute. She has worked in government, academic, and corporate environments and with a wide array of enterprise and investigative technical solutions. A passionate researcher and presenter, she has spoken at various industry conferences such as RSA, Shmoocon, NCCC, HTCIA, Enfuse and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GSEC, GCIH, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Jeffrey (J.J.) Guy

Jeffrey (J.J.) Guy is director of operations for Bit9 + Carbon Black. He joined the company when Bit9 merged with Carbon Black in February 2014. At Carbon Black he was customer advocate and support lead. He spent 12 years in federal cyber operations, including an active duty tour with the Air Force's Information Warfare Center and as director/general manager of one of the top providers of federal computer network operations (CNO) R&D services, with about 100 kernel programmers, reverse engineers and vulnerability researchers supporting a dozen different federal programs. Guy's time in the Air Force gave him an intimate understanding of the shortfalls of enterprise network defense technology. Frustrated by the "state of the art" and narrow thinking of industry, he has been a strong advocate for shifting security investment from protection to detection and response since 2002. As a full-stack engineer, proven leader and public speaker, he can move from the lab to the podium to the boardroom and back. Guy holds a bachelor's degree in computer engineering from Case Western Reserve University and a master's degree in computer science from Johns Hopkins.
