ThroughDec 13, 2013you can receive a 11" 128GB MacBook Air (just-announced newest model), Toshiba Satellite E45T-AST2N01Ultrabook' Convertible, or an $850 discount when you register and pay for a qualifying*vLiveorOnDemandcourse! SANS-Forensics-Virtual-Training-Offerings
To take advantage of this offer, enter one of the following discount codes at checkout:
FOR408: Computer Forensic Investigations - Windows In-Depth
PowerShell "Remoting" is a feature that holds a lot of promise for incident response. "Remoting" is the ability to run PowerShell commands directly on remote systems and have just the results sent back to the querying machine. From an IR standpoint, this is like a built-in agent ready and waiting to answer your investigative questions--at scale. As I'll discuss shortly, Remoting provides us the ability to query a thousand machine in just minutes!
Before I get to the details of Remoting though, let me kickoff the discussion by going through the basics of PowerShell and Windows Remote Management (WinRM), which provides the foundation for the PowerShell "Remoting" feature. After covering this background information, I'll go over the significant performance benefits of Remoting and then cover the authentication details and implications for privileged account use (fortunately there's a lot of good news on this front too).
PowerShell is the ...
It's been a busy time in digital forensics and incident response (DFIR). Every summer, for over 20 years, infosec and forensicators and old school hackers have gathered in Las Vegas. A mixture of very deep tech talks, trainings, and technology oriented distractions "flood the zone" in Las Vegas. Close to 15-20,000 people were in Las Vegas this summer for what has now evolved into three separate conferences, all in the same week.
July 27th was the start of Black Hat atCaesars Palace in Las Vegas. The conference kicks off with training in the last weekend of the month, and finishes onWednesday, July 31st and Thursday, August 1st, with lectures and technical demonstrations, called "Black Hat Briefings." This year, in the wake of the NSA/Snowden rowe, NSA Director, General Keith Alexander gave the opening keynote. Black Hat was more corporate than ever, with more sponsor banners, and sponsor-generated talks (disclosed by the organizers, and placed in a separate area, bravo!)
SANS expanded the Reverse-Engineering Malware course (FOR610) to include a day's worth of capture-the flag malware analysis challenges. The challenges are built upon the NetWars tournament platform and are designed to reinforce the skills learned earlier in the course by experimenting with real-world malware. You can get a sneak peak at the new experience.
More than 450 participants completed the SANS 2013 Digital Forensics Survey, conducted online during April
and May 2013. A primary goal of this survey was to identify the nontraditional areas where digital forensics
techniques are used. The survey can be downloadedHERE.
A webcast introducing the Survey earlier this month can be found here: https://www.sans.org/webcasts/digital-forensics-modern-times-survey-96645
The survey written by Paul Henry, Jacob Williams, and Benjamin Wright.
In the survey 54% of respondents indicated