Many organizations have implemented robust security tool suites and “checked the box” on security logging standards. Yet many of these same organizations have not considered how those tools would actually support an incident investigation. This presentation begins by outlining a typical intrusion investigation process. It then presents a series of scenarios in which investigators need the capability to rapidly obtain information from the environment to further their investigation. Each scenario includes a case study and recommends the technical and process prerequisites needed to support it.