I'm Your MAC(b)Daddy

Presented at DEF CON 19 (2011), Aug. 5, 2011, 1 p.m. (50 minutes)

The field of Computer Forensics moves more and more in the direction of rapid response and live system analysis every day. As breaches and attacks become more and more sophisticated, responders need to continually re-examine their arsenal for new tactics and faster ways to process large amounts of data. Timelines and super-timelines have been around for a number of years, but new software and techniques bring them back into play for Incident Response and live analysis instead of static postmortem forensics. Add in identification of anti-forensics techniques and you gain a whole new view on forensic timelines.


  • Grayson Lenik - Security Consultant Trustwave, SpiderLabs
    Grayson Lenik is a Security Consultant at Trustwave and a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 12 years of System Administration experience, including 6 years with American Express/IBM Global Services at one of the largest data centers in the world. Prior to his career in IT, he was an Aviation Electronics Technician in the United States Navy, forward deployed on board the USS Kitty Hawk and USS Independence. Grayson is a Microsoft Certified Systems Engineer (MCSE), a GIAC Certified Forensic Analyst (GCFA) and a Qualified Security Assessor (QSA). He is working towards the CISSP certification and a Bachelor's in Information Security. Grayson authors the computer forensics blog "An Eye on Forensics". Twitter: @handlefree