Final Week for OnDemand Special Offer: iPad mini, Surface Go 2, or Take $300 Off thru 9/30

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS@MIC - Remote Forensic Investigations in the Context of COVID-19

  • Monday, August 10, 2020 at 3:30 PM EDT (2020-08-10 19:30:00 UTC)
  • Xavier Mertens

You can now attend the webcast using your mobile device!

  

Overview

Many of us are confined at home due to the COVID-19 pandemic. But, business as usual, many organizations are still facing security incidents (related to the virus or not). Let's imagine the following scenario: Your phone rings because a customer detected some suspicious activity on a server or a workstation. Of course, it must be investigated "as soon as possible". The server is physically located 500km away and you're stuck at home... How to handle this situation?

During this SANS@MIC webcast, I'll present and demonstrate a customizable live CD based on free tools to perform remote forensic investigations: check filesystems for indicators of compromise, take memory image, extract logs, and much more...

Speaker Bio

Xavier Mertens

Xavier Mertens is a freelance cybersecurity consultant based in Belgium. His daily job focuses on protecting his customer's assets and data. Oriented mainly to defensive security, he offers services like incident handling, forensic investigations, log management, OSINT and hunting for bad guys in general. Besides his daily job, Xavier is also a security blogger (https://blog.rootshell.be), a SANS Internet Storm Center handler (https://isc.sans.org), and co-organizer of the BruCON (http://www.brucon.org) security conference. Hes in the process of becoming a SANS instructor for the malware reverse engineering training (FOR610).

Xavier owns some GIAC certifications (GCIH, GCFA, GCFE, GNFA, GDAT, GCTI, GREM, GXPN) as well as CISSP and CISA.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.