Special Offer w/ OnDemand: Get an iPad (32 G), Galaxy Tab A, or Take $250 Off OnDemand Training thru Jan 27


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Facilitating Fluffy Forensics 2.0

  • Thursday, March 24, 2016 at 11:00 AM EDT (2016-03-24 15:00:00 UTC)
  • Andrew Hay

You can now attend the webcast using your mobile device!



Cloud computing enables the rapid deployment of servers and applications, dynamic scalability of system resources, and helps businesses get products to market faster than ever before. Most organizations are aware of the benefits of adopting cloud architectures and many are becoming aware of the potential security risks. The majority of organizations, however, don't realize the numerous challenges of conducting incident response (IR) activities and forensic investigations across public, private, and hybrid cloud environments.

It's not all doom and gloom, however. The consumption model of cloud architectures actually lends itself to helping investigators conduct forensic and IR exercises faster and more efficiently than on a single workstation. For this to happen, however, the tools and techniques employed must evolve...but have they?

In this session, DataGravity CISO Andrew Hay will revisit the forensic and IR challenges of investigating servers and applications in cloud environments in addition to the opportunities that cloud presents to help expedite forensic investigations. . Topics that will be discussed include:

  • Traditional forensics and IR
  • Cloud architectural challenges for responders
  • Chain-of-custody and legal issues across architectures and regions
  • How existing forensics/IR tools can help - and what they can do better
  • Advantages of conducting forensics/IR in cloud environments

Will you be the hunter or the prey?

Join us April 12-19, 2016 in New Orleans, LA for the Threat Hunting & Incident Response Summit and Training. This event was created to provide you with the methodic preparation to cull your adversaries from your network before you become their prey.
Learn to hunt down the enemy before it hunts you:

  • Master the latest techniques needed to properly identify compromised systems
  • Contain Security breaches and rapidly remediate the incidents
  • Stop adversaries from further compromising your enterprise systems

Speaker Bio

Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company's comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.

Andrew has served in various roles and responsibilities at several companies including DataGravity, OpenDNS (a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.