CIRT-Level Response to Advanced Persistent Threat - SANS ...

ePAPER READ

DOWNLOAD ePAPER

computer.forensics.sans.org

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

• Determine incident scope.

First Month after D-Zero

• Evaluate effectiveness of security instrumentation.

• Plan remediation.

D-Zero + 1 month

Building, Maturing & Rocking a Security Operations Center - SANS ...

Sniper Forensics “One Shot, One Kill” - SANS Computer Forensics

examples of recent apt persistence mechanisms - SANS Computer ...

Ovie Carroll - SANS Forensic Trends and Futures.pdf

Analysis & Correlation of Mac Logs - SANS

“ANN'S AURORA” - SANS Computer Forensics

Encryption v20.10 - SANS Computer Forensics

Tales from the Crypt - TrueCrypt Analysis - SANS

Digital Forensics for IaaS Cloud Computing - SANS Computer ...

All the Gear..and No Idea.. - Scalable, fast - SANS

Protecting Privileged Domain Accounts during Live Response

Mark McKinnon RedWolf Computer Forensics Mark ... - SANS

Brendan Dolan-Gavitt Georgia Institute of Technology - SANS

Taking Registry Analysis to the Next Level - SANS Computer ...

First Week after D-Zero • Decide to enlist external help. • Deliver initial briefing to decision makers. • Analyze available security evidence. • Begin deploying additional instrumentation. D-Zero + 1 week 8

• Determine incident scope. First Month after D-Zero • Evaluate effectiveness of security instrumentation. • Plan remediation. D-Zero + 1 month 9

Page 1 and 2: CIRT-Level Response to Advanced Per
Page 3 and 4: • You are an APT victim. • You
Page 5 and 6: Favorite Kris Harms APT Quotes (FIR
Page 7: First Day after D-Zero • Switch t
Page 11 and 12: • Create Red-Blue Team. Second Ye
Page 13 and 14: Incident Response Center Incident H
Page 15 and 16: Company General Electric Aerospace
Page 17: Questions? Richard Bejtlich richard

CIRT-Level Response to Advanced Persistent Threat - SANS ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?