Gain Top-Notch InfoSec Skills at SANS San Diego 2017. Save $200 thru 9/27.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

IR Event Log Analysis

  • Monday, February 2nd, 2015 at 1:00 PM EST (18:00:00 UTC)
  • Hal Pomeranz
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

Windows event logs contain a bewildering variety of messages. But homing in on a few key events can quickly profile attacker activity.

From administrator logins, to scheduled tasks, to entries related to system services, and more-- the event logs are a one-stop shop.

Learn to "crack the code" and enhance your investigations by adding event log analysis to your toolset.

Speaker Bio

Hal Pomeranz

Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the US and Europe and global corporations.

While equally at home in the Windows or Mac environment, Hal is recognized as an expert in the analysis of Linux and Unix systems. His research on EXT4 file system forensics provided a basis for the development of Open Source forensic support for this file system. His EXT3 file recovery tools are used by investigators worldwide.

Hal is a SANS Faculty Fellow and Lethal Forensicator, and is the creator of the SANS Linux/Unix Security track (GCUX). He holds the GCFA and GREM certifications and teaches the related courses in the SANS Forensics curriculum. He is a respected author and speaker at industry gatherings worldwide. Hal is a regular contributor to the SANS Computer Forensics blog and co-author of the Command Line Kung Fu blog.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.