Was someone here? What did they do? And are they still doing it? If you can't routinely answer those questions, your computer infrastructure is at risk. Forensics is the art of filling in those answers, pointing the way toward an effective response and hopefully better defenses in the future, and is the focus of today's trio of Black Hat USA 2015 Trainings.
Given the staggering number of security breaches over the last several years, it's extremely problematic that the average IT staffer lacks the deep technical knowledge of file systems, OS design, and attack vectors needed to effectively respond. Digital Forensics & Incident Response aims to help fill that gap, teaching the key theory and offering valuable hands-on experience in situations that mimic real-world scenarios. New for 2015 are seven additional labs, new analysis techniques, and a deep dive into Windows 8 forensics.
For another take on the material, check out Incident Response - Black Hat Edition. In this two-day intensive, you'll learn the fundamental investigative techniques needed to respond to today's threat actors and intrusion scenarios. Topics will include conducting rapid system triage to determine if there's a compromise, uncovering attack vectors, recognizing signs of persistence, perceiving the full scope of incidents, and more.
Finally, forensic investigators must be savvy enough to find network-based evidence, preserve it, and extract it. Network Forensics: Black Hat Release comes from the authors of "Network Forensics: Tracking Hackers Through Cyberspace," and their four-day class will give you hands-on experience analyzing covert channels and flow records, carving malware from packet captures, and correlating evidence to build a solid case. Students will receive a fully loaded virtual forensics workstation, designed by experts and theirs to keep.
Black Hat USA 2015 will occur at the Mandalay Bay resort in Las Vegas. It goes down August 1-6, and there's still time to lock in early-bird discounts if you register before June 6.