Get an 11 iPad Pro, Surface Pro, or $350 Off thru Dec 4 with OnDemand or vLive Training!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Cloud Storage Forensics: Endpoint Evidence

  • Tuesday, December 3rd, 2019 at 3:30 PM EST (20:30:00 UTC)
  • Chad Tilbury

You can now attend the webcast using your mobile device!

Overview

An often overlooked area of cloud forensics is data and metadata stored on the local device. Unsurprisingly, devices which have synchronized to a cloud storage service may contain a wealth of information relevant to an investigation. Devices regularly record metadata on locally synchronized files in addition to files only present in the cloud. Deleted items may still be recoverable, and files may be present in cloud storage cache folders even when they were not selected for local synchronization. In short, cloud storage data can be more accessible on the local device and can contain files and metadata distinctly different than the current cloud repository. However, endpoint collection includes its own set of challenges. In this webcast, SANS Senior Instructor Chad Tilbury will discuss these challenges and provide a strategy for ensuring you are not missing critical evidence in your investigations. 

Speaker Bio

Chad Tilbury

Chad has over 20 years of experience working with government agencies, defense contractors, and Fortune 500 companies. He served as a Special Agent with the Air Force Office of Special Investigations, where he investigated and conducted computer forensics for a variety of crimes, including murder, abduction, espionage, fraud, hacking, intellectual property theft, child exploitation, terrorism, and computer intrusions. He has led international forensic teams, built forensic departments, and spent over eight years as an incident response consultant and technical director with Mandiant and CrowdStrike. Here at SANS, Chad is a senior instructor and co-author for two six-day courses: FOR500: Windows Forensic Analysis, which focuses on the core skills required to become a certified forensic practitioner, and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics, which teaches sophisticated computer intrusion analysis and advanced threat hunting techniques.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.