Presented at LayerOne 2017, May 27, 2017, 3 p.m. (60 minutes).
Ever wonder how to dissect a cyber attack? This talk will be an overview of the forensic artifacts that matter when investigating breaches carried out by persistent actors, as well as tips and tricks I’ve learned while responding to breaches of Windows systems over the years.
Topics covered will include the following:
- Process execution forensics
- Enumerating activity tied to use of graphical interfaces
- Stacking logs to reveal use of attack tools
- Methods to hunt for exfiltration of data
- Timelining forensic artifacts
- Hunting for previously undetected threat actors across large networks
- Aggregating malware repositories to help you hunt for target attack tools
Presenters:
- Jase Kasperowicz
By day, Jase is a security consultant responding to incidents at some of the world’s largest companies. He specializes in performing distributed forensics across networks in excess of 50,000 systems and hunting for previously undetected threat actors. By night, he’s active in the Southern California infosec scene and an active DC562 member.