Incident Response & Forensics

 

Education Level: Intermediate

6318 - Open Source DFIR Made Easy: The Setup

Wednesday, September 27
1:00 PM - 2:00 PM

A common challenge in the digital forensics and incident response (DFIR) community has been creating a DFIR toolkit that is cheap, simple to set up, scalable and easy to use. This presentation introduces the use of the “CyLR CDQR Forensics–Virtual Machine” (CCF–VM). The CCF–VM was designed to provide an all-in-one solution to one of the most common issues facing DFIR teams. It provides a conveniently packaged, easy-to-use platform, designed from the ground up to enable teams to collect, process and analyze critical forensics artifacts to triage and investigate intrusions both large and small. With built-in, commonly used searches and dashboards, CCF–VM enables searching a single host or multiple hosts simultaneously, based on analyst or incident needs.


Alan Orlikoski

Security Engineer
Square Inc.

Alan Orlikoski is a Security Engineer for Square Inc.'s Platform Security team. He analyzes and tests existing incident response plans, conducts forensic investigations and provides incident response and forensics training. Alan has an extensive computer forensics background and has been a leader in some of the largest incident response and security operations center development programs in the history of the company.


Stephen Hinck

Senior Technical Account Manager
ICEBRG.IO

With over 10 years of experience in IT operations, security operations and incident response roles, Stephen has a strong background in networking, systems administration and incident response from both a business continuity and security perspective. Stephen’s experience includes incident response with reporting requirements to internal stakeholders, as well as both Federal and Department of Defense interests. Stephen has significant experience with cloud-based environments and the risks and benefits associated with workflows within them. He also has experience with building and running security operations centers, including program implementation, log management, rule creation and tuning, and threat hunting.


