Save $400 on 4-6 Day Courses at SANSFIRE 2018 in Washington DC. Ends Tomorrow!


To attend this webcast, login to your SANS Account or create your Account.

Finding Unknown Malware

  • Tuesday, October 8, 2013 - Sydney 12 pm / Seoul 10 am / Singapore 9 am
  • Hal Pomeranz, SANS Faculty Fellow and Certified Instructor
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • AISA

You can now attend the webcast using your mobile device!


Join us for the next installment of the SANS-APAC webcast series where we will provide a technical look at Finding Unknown Malware.

If you have ever been given the mission to "Find Evil" on a compromised system, you understand the enormity of that tasking. In this one-hour webcast, we will make use of sound methodology for identifying malware, using strategies based on "Knowing Normal", "Data Reduction" and "Least Frequency of Occurrence" in order to identify malicious software and common methods of persistence. The skills and tools presented here will aid in efficient identification of anomalous files in order to narrow further analysis and facilitate the creation of indicators of compromise, used in enterprise-wide scanning.

Note: This is a technical talk that leverages subject matter from SANS FOR508: Advanced Digital Computer Forensic Analysis and Incident Response.

Speaker Bio

Hal Pomeranz

Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the US and Europe and global corporations.

While equally at home in the Windows or Mac environment, Hal is recognized as an expert in the analysis of Linux and Unix systems. His research on EXT4 file system forensics provided a basis for the development of Open Source forensic support for this file system. His EXT3 file recovery tools are used by investigators worldwide.

Hal is a SANS Faculty Fellow and Lethal Forensicator, and is the creator of the SANS Linux/Unix Security track (GCUX). He holds the GCFA and GREM certifications and teaches the related courses in the SANS Forensics curriculum. He is a respected author and speaker at industry gatherings worldwide. Hal is a regular contributor to the SANS Computer Forensics blog and co-author of the Command Line Kung Fu blog.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.