

This webcast has been archived.

Pinpoint and Remediate Unknown Threats: SANS Review of EnCase Endpoint Security 6

  • Thursday, March 15, 2018 at 1:00 PM EST (2018-03-15 17:00:00 UTC)
  • Charles Choe, Jake Williams


  • OpenText Inc.




With the increasing prevalence of security incidents that can lead to data breaches, security teams are learning quickly that the endpoint is involved in almost every targeted attack. Recent trends in the SANS 2017 endpoint security survey indicate that despite the best efforts of security teams, employees are more likely than ever to fall victim to phishing and ransomware attacks, putting enterprise data at risk.

With so many warning signs coming in by way of security alerts, why are these attacks getting through and spreading on the network? Simple: Security alert volume is higher than ever and InfoSec time and resources are at a premium. The solution lies in contextual data and automation to help security analysts quickly validate and respond to real threats in their environments. 

This is the purpose of EnCase Endpoint Security, which has been released in version 6.02. Endpoint Security works with leading security tools to ingest alerts and then apply threat intelligence and scoring so security teams can focus their response on the most critical incidents.

In this webcast, SANS analyst Jake Williams will review his testing results, including how he used EnCase Endpoint Security to:

  • Detect unknown threats through anomalous behavior analysis
  • Validate threats with data enrichment and contextualization
  • Triage alerts and identify gaps in coverage
  • Forensically remediate threats (delete files, reset or delete registry keys, kill processes) without taking down servers

Register for this webcast and receive early access to the whitepaper written by Jake Williams.

View the associated whitepaper here.

Speaker Bios

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Charles Choe

Charles Choe is a Senior Product Marketing Manager at Guidance Software (now OpenText) responsible for the OpenText EnCase Forensic Security suite of products. He brings almost 10 years of product management and marketing experience, with advanced degrees in both law and business, to the table. Charles provides insight about market trends, industry challenges and solutions to Guidance Software and its customers in the areas of cybersecurity, risk management and forensic investigations.
