Presented at
Objective by the Sea version 2.0 (2019),
June 1, 2019, 4:30 p.m.
(30 minutes)
Forensic analysis is sometimes all about grasping for straws. You never know what time little piece of data can make a difference in an investigation. We focus so much on native forensic artifacts that we lose sight of what third party applications provide us. I'm a huge proponent of having monitoring tools to keep track of what is happening on my system and to (hopefully) protect it. These tools are inherently monitoring the system, what data can they provide to forensic investigators? This talk will go through some of the most popular monitoring utilities to show what they record and how that can help move forward investigations. Objective-See, Little Snitch, iStat Menus, AV, and more!
Presenters:
-
Sarah Edwards
- Forensic Analyst / Principal Instructor at SANS Forensics
Sarah is an senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counterāintelligence, counter-narcotic, and counterāterrorism.
Sarah's research and analytical interests include Mac forensics, mobile device forensics, digital profiling and malware reverse engineering. Sarah has presented at the following industry conferences; Shmoocon, CEIC, Bsides*, TechnoSecurity, HTCIA and the SANS DFIR Summit. She has a Bachelor of Science in Information Technology from Rochester Institute of Technology and a Masters in Information Assurance from Capitol College. Sarah is the author of the new SANS Mac Forensic Analysis Course - FOR518.
Links:
Similar Presentations: