Learn real-world cyber security skills from active industry experts in Anaheim. Save $150 thru 12/18.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Memory Forensic Baselines: Using Normal to Avoid "Red Herring"

  • Monday, August 24th, 2015 at 11:00 AM EDT (15:00:00 UTC)
  • Alissa Torres
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

As an inherent part of incident response, creation of baselines and incorporation of their use in investigations have been highly effective in identifying malware, and spotting unusual network and user activity. Incident responders now have the ability to apply baselining through live or captured memory analysis due to recent advances in tools and techniques. In this webcast, Alissa will introduce attendees to some direct applications of knowing normal to identify malware as well as avoid time-wasting "red herring", also known to DFIR professionals as the dreaded rabbit hole.

Speaker Bio

Alissa Torres

Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.