John Moran, DFLabs’ Senior Product Manager and an expert in security operations, incident response, digital forensics and investigations, will present best practices for using “live box” forensics at the upcoming SANS Threat Hunting and Incident Response Summit in New Orleans on September 7, 2018.
As organizations experience an increase in complex cyber threats and advanced attack techniques, such as the use of file-less malware, security operations personnel are turning to the use of “live box” forensics in threat hunting, despite its perceived risks and pitfalls. With this in mind, John will detail the Dos and Don’ts when conducting “live box” forensics for threat hunting and provide a best practices framework for incident response teams. Moreover, he will use a newly released free Windows tool that automates data acquisition to demonstrate “live box” techniques.
This press release was originally published on Business Wire.
DFLabs’ Senior Product Manager, John Moran, will promote and discuss the release of a free live forensics tool at Black Hat USA 2018.
Prior to DFLabs, Moran was a computer forensic analyst for the Maine State Police Computer Crimes Unit and a computer forensics task force officer for the U.S. Department of Homeland Security. The constant challenges he ran across led to finding the right combination of tools for the forensic information he needed. His solution to this challenge was to write his own tool, called No-Script Automation Tool (NAT), which he’ll personally promote on Aug. 8 at the Black Hat USA 2018 conference in Las Vegas.
Moran told eWEEK: “I’m going to talk a little bit about live forensics as a whole and the do’s and don’ts for forensic analysis, but really the whole purpose of the talk is to show the tool that basically came out of my experiences working in incident response.”
Moreover, he said that he often had to use 30 or more tools to get the necessary information. Figuring out the proper configuration options for the various tools, as well as getting every single tool to run and export information, took too much time.
Moran adds: “I wanted to build a tool that would be a one-click thing that would enable incident responders to run the right tools and it would just work. This tool also allows responders to verify the tools they are running, so it has a known good list of accepted, authentic tools.”