IR Event Log Analysis

Monday, 02 Feb 2015 1:00PM EST (02 Feb 2015 18:00 UTC)
Speaker: Hal Pomeranz

Windows event logs contain a bewildering variety of messages. But homing in on a few key events can quickly profile attacker activity.

From administrator logins, to scheduled tasks, to entries related to system services, and more-- the event logs are a one-stop shop.

Learn to \crack the code" and enhance your investigations by adding event log analysis to your toolset.

Login to Register

Related Content

Finding_Evil_WMI_Event_Consumers_with_Disk_Forensics_-Blog_(1).png

Digital Forensics and Incident Response

Finding Evil WMI Event Consumers with Disk Forensics

This blog covers disk-based artifacts and tools available for use during deeper forensic investigations.

Blog_teaser_images_(19).png

Digital Forensics and Incident Response, Open-Source Intelligence (OSINT)

FOR589: Cybercrime Intelligence - NEW SANS DFIR Course coming in 2024

Learn to hunt for Dark Web Intelligence, Social Engineer cybercriminals, investigate illicit Blockchain activity, and analyze Cryptocurrency evidence

Digital Forensics and Incident Response

Ransomware: Every internet-connected network is at risk. Be prepared!

As ransomware attacks increase in number and severity, even the most advanced security systems can be compromised. Here is what you can do to prepare.