SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Many organizations are interested in standing up threat response teams but are unable, or unwilling, to provide funding or approval for third-party tools. This lack of support requires threat response teams to rely on built-in, OS-specific tools to investigate suspicious processes and files. These tools can provide a significant amount of useful information when scrutinizing a suspicious process or file, but they and their output are often unwieldy: because their data is not cohesive, an investigator must run several similar commands to gather everything and then manually combine and correlate the results. This paper examines the data of interest during an incident response and the native Microsoft Windows tools used to obtain it. It also discusses how to use PowerShell to automate the collection and compilation of this important data.
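As an added illustration of the approach the abstract describes (this is not code from the paper), the PowerShell function below gathers the facts a responder would otherwise collect from several native sources (Get-CimInstance Win32_Process, Get-FileHash, Get-AuthenticodeSignature, Get-NetTCPConnection, Get-Process) for one process and returns them as a single correlated object. The function name, the sample PID 4242 and the output file name are assumptions; it assumes Windows 10/Server 2016 or later with PowerShell 5.1+ in an elevated session.

```powershell
# Added example: correlate several native Windows data sources for one
# suspicious process into a single record. Run elevated so that other
# users' process paths and owning-PID network data are readable.
function Get-ProcessTriage {
    [CmdletBinding()]
    param([Parameter(Mandatory)][int]$ProcessId)

    # Win32_Process exposes ParentProcessId and the full command line,
    # which Get-Process alone does not.
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $proc) { throw "No process with PID $ProcessId" }
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    # File-level facts about the image on disk: SHA256 and Authenticode status.
    $hash = $null; $sig = $null
    if ($proc.ExecutablePath -and (Test-Path $proc.ExecutablePath)) {
        $hash = (Get-FileHash -Algorithm SHA256 -Path $proc.ExecutablePath).Hash
        $sig  = (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
    }

    # TCP connections owned by this PID (the same data netstat -ano shows).
    $conns = Get-NetTCPConnection -OwningProcess $ProcessId -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.LocalAddress):$($_.LocalPort) -> $($_.RemoteAddress):$($_.RemotePort) $($_.State)" }

    # Loaded modules (equivalent of tasklist /m for one process).
    $modules = (Get-Process -Id $ProcessId -ErrorAction SilentlyContinue).Modules |
        Select-Object -ExpandProperty FileName

    [PSCustomObject]@{
        PID             = $proc.ProcessId
        Name            = $proc.Name
        Path            = $proc.ExecutablePath
        CommandLine     = $proc.CommandLine
        ParentPID       = $proc.ParentProcessId
        ParentName      = $parent.Name
        Owner           = (Invoke-CimMethod -InputObject $proc -MethodName GetOwner).User
        CreationDate    = $proc.CreationDate
        SHA256          = $hash
        SignatureStatus = $sig
        Connections     = @($conns)
        Modules         = @($modules)
    }
}

# Usage (PID 4242 is a placeholder): write one timestamped JSON record per
# process to the case folder so the evidence is collected and compiled once.
Get-ProcessTriage -ProcessId 4242 | ConvertTo-Json -Depth 3 |
    Out-File -FilePath "triage-4242-$(Get-Date -Format yyyyMMddHHmmss).json"
```

Piping several PIDs through the function (for example, every process whose SignatureStatus is not Valid) yields a single table that can be compared against a known-good baseline instead of cross-referencing tasklist, netstat and manual hash checks by hand.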