Best Finds in DFIR for 2014

  • Tuesday, 08 Apr 2014 1:00PM EDT (08 Apr 2014 17:00 UTC)
  • Speaker: David Cowen

After another year of research into all things DFIR, we've walked away with a lot of new tools and artifacts to look at. This presentation will go through what we think are the most useful and relevant of those:

  • Detecting writes to NTFS disks with the ntfs-3g driver
  • Recovering MTP access
  • Outlook attachment access
  • Artifacts from renaming accounts in Windows 7
  • Using task scheduler logs to recover past logins

Don't miss the Digital Forensics and Incident Response (DFIR) Summit & Training event which combines hands-on DFIR classroom training with trending DFIR summit speakers together into ONE premier event. Choose from 5 DFIR training classes and add on the two-day action-packed Summit that will help you build your DFIR Skills to new levels. One of the few DFIR-only training events on the SANS calendar! Join the most innovative minds in the industry to tackle advanced DFIR issues. Download the full agenda to read complete session descriptions and the full line-up at https://www.sans.org/event-downloads/33822/agenda.pdf

SAVE WITH THE BUNDLE DISCOUNT

Reduce your Summit registration fee from $1,495 to $495 when purchased in conjunction with a full priced 4-6 day course ' a savings of $1,000! Discount automatically applied during registration.

Register today https://www.sans.org/event/dfir-summit-2014