SANS@MIC - Remote Forensic Investigations in the Context of COVID-19

  • Monday, 08 Jun 2020 3:30PM EDT (08 Jun 2020 19:30 UTC)
  • Speaker: Xavier Mertens

Many of us are confined at home due to the COVID-19 pandemic. But, business as usual, many organizations are still facing security incidents (related to the virus or not). Let's imagine the following scenario: Your phone rings because a customer detected some suspicious activity on a server or a workstation. Of course, it must be investigated "as soon as possible". The server is physically located 500km away and you're stuck at home... How do you handle this situation?

During this SANS@MIC webcast, I'll present and demonstrate a customizable live CD based on free tools to perform remote forensic investigations: check filesystems for indicators of compromise, take a memory image, extract logs, and much more...