Friday, May 3 • 9:00am - 10:00am
Dear Blue Team: Forensics Advice to Supercharge your DFIR capabilities and timing

In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics and Incident Response (DFIR). Most DFIR talks and advice discuss what to do once an incident has occurred. Instead, this talk provides Security Architects, System Administrators, SOC teams, and management new techniques and advice to supercharge their IR capabilities by preemptively collecting forensic evidence as a baseline.

The content provided in this presentation goes beyond the age-old advice of verbose logging and asset inventories. It will promote a cooperative relationship between DFIR and the rest of the Blue Team. We will kick this presentation off with a discussion about Threat Hunting versus Forensics. During this presentation, blue teamers and management will be armed with actionable advice on how to preemptively capture artifacts as baselines BEFORE anything ever happens and the actions to take WHEN something happens.

Speakers
Joe Gray

Senior Security Architect, IBM
Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys...


Friday May 3, 2019 9:00am - 10:00am
KEC 17 Market Square Suite 101, Knoxville, TN 37902, United States
