SANS Stay Sharp Training Live Online: Quickly sharpen your skills with 1-3 day blue team & cloud courses. Save 25% thru 11/11.


To attend this webcast, login to your SANS Account or create your Account.

Detecting Persistence Mechanisms

  • Thursday, January 10, 2013 at 1:00 PM EST (2013-01-10 18:00:00 UTC)
  • Alissa Torres

You can now attend the webcast using your mobile device!



Persistence mechanisms are techniques used by malware to increase survivability on compromised host systems. For an incident responder, the identification of specific artifacts created by such techniques can provide excellent insight into the function of the malicious code. In fact, these host-based artifacts aid in unraveling the adversary's methodologies and the subsequent identification of other compromised systems on the network. This presentation will cover both common persistence mechanisms such as modified registry keys, Windows service persistence and other methods seen in past campaigns as well as newer techniques from malware hitting today's enterprises. Also during this hour, several tools useful in isolating and identifying persistence indicators will be introduced. This session covers key skills needed on effective security teams and is a "must attend" webcast for those working in the IR profession.

Speaker Bio

Alissa Torres

Alissa Torres is a SANS Analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.