It is no longer a case of if, but when, a breach will occur. Digital forensics has become an increasingly important tool for helping understand both what really happened when the issue occurred and what you need to do to mitigate that risk in the future.
This training is delivered by industry-recognized security experts from Trustwave SpiderLabs based on their actual experience. It will help you learn to identify the most common types of attacks that your business will face, such as criminal malware, understand the fingerprints of highly advanced malware attacks, and gain new timeline techniques for incident response and live analysis.
|09:00||Welcome and Introduction|
|09:00 - 10:00||Methodology is King, "How to Investigate Cyber Crime" - Chris Pogue|
|10:00 - 10:10||Break|
|10:10 - 11:10||Crushing E-Commerce Investigations - Grayson Lenik|
|11:10 - 11:20||Break|
|11:20 - 12:20||Investigating Franchise Breaches - TBA|
|12:20 - 13:20||Lunch|
|13:20 - 14:20||Stupid Hacker Tricks - "Tales From the Front Lines" - Grayson Lenik|
|14:20 - 14:30||Break|
|14:30 - 15:30||Live Malware Analysis - Trustwave SpiderLabs|
|15:30 - 15:45||Break|
|15:45 - 16:30||Q&A Panel - Trustwave SpiderLabs|
Welcome and Introduction - Trustwave SpiderLabs - Chris Pogue
Methodology is King, "How to Investigate Cyber Crime" - Chris Pogue
Cyber crime investigations are less about tools and more about wetware (aka, the squishy stuff betwixt your ears). How do you move from initial triage to actually placing your fingers on the keyboard and making progress? There is no forensic software that can do that for you; you have to fully understand the process, think through it logically, and make calculated decisions about how to proceed.
Learn the intricate details of the Sniper Forensics methodology that has taken the computer forensics world by storm, replacing previous, outdated methodologies. Find clarity and precision in investigations that are especially challenging by any other means. You will quickly change the way you view cyber crime, and come to realize that indeed, Methodology is King!
Speaker Bio: Christopher Pogue
SpiderLabs Americas - Director of Incident Response and Forensics
Chris leads the Trustwave SpiderLabs team that performs Incident Response and Forensic Investigations. The team works with a wide variety of engagements including unauthorized access, data breaches, credit card theft/fraud, mobile device forensics, and enterprise incident response. The team also provides forensic and incident response training to corporate security teams as well as law enforcement agencies at all levels.
Prior to joining Trustwave in November 2008, Chris served in the United States Army for thirteen years specializing in digital forensic investigations. He served in the Field Artillery and Signal Corps Warrant Officer divisions in addition to working as a Cyber Security Instructor. After leaving the military, Chris joined the IBM Internet Security Systems (ISS) X-Force where he remained for five years, ultimately becoming one of three Incident Response Engagement Managers.
Among his many achievements, Chris was the original creator of the forensic methodology known as Sniper Forensics, a method that is quickly emerging as the industry standard among users including the Federal Bureau of Investigation and the United States Secret Service. Additionally, in 2010, Chris was named as a SANS Thought Leader. Since its introduction in 2007, only 41 security professionals have been awarded this distinction.
Chris holds a full range of professional certifications including: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Reverse Engineering Analyst (CREA), SANS GIAC Certified Forensic Analyst (GCFA), and Payment Card Industry Qualified Security Assessor (QSA). He also plays a leading role in a number of industry-relevant organizations which include the Consortium of Digital Forensics Specialists (CDFS), United States Secret Service Electronic Crimes Task Force (USSS ECTF) and the International Association of Chiefs of Police (IACP). Chris is the primary author of Unix and Linux Forensic Analysis by Syngress and the author of the award-winning blog, The Digital Standard.
Chris has a Bachelor of Science degree in Applied Management from Grand Canyon University and a Master of Science degree in Information Security from Capella University, as well as an active Top Secret (TS/SSBI) clearance.
Crushing E-Commerce Investigations - Grayson Lenik
E-commerce breaches and corporate intrusions that begin with the web tier of an organization were the most common type of cybercrime investigated by Trustwave in 2012. Learning search techniques and keywords to locate the top vulnerabilities quickly and efficiently will help you discover the attack and protect your organization. Trustwave will share examples of common attacks, keyword searches, and the tips and tricks they use to detect obfuscated malware.
In this session you will learn:
• Basic command line search functionality
• Key terms for uncovering breach evidence in log files
• The most common attack vectors
• How to recognize a webshell from log activity
Stupid Hacker Tricks, "Tales From the Front Lines" - Grayson Lenik
If they hadn't done something stupid, they wouldn't have been caught! See real-world examples of how some of the world's smartest cyber criminals make some monumentally bad choices that leave behind critical pieces of evidence. With more than 1,000 cases worked, and multiple arrests across the globe, the experts at SpiderLabs will share their "Greatest Hits" of Stupid Hacker Tricks in this fun and informative session.
This session is specifically designed to give you insight into exploiting the trail left by unsuspecting criminals.
Speaker Bio: Grayson Lenik
SpiderLabs Americas - Security Consultant
Grayson Lenik is a Security Consultant at Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 12 years of system administration and information security experience including six years with American Express/IBM Global Services at one of the largest datacenters in the world.
He is a Navy Veteran and was forward deployed on board the USS Kitty Hawk and USS Independence during "Operation Southern Watch".
Grayson is a Microsoft Certified Systems Engineer (MCSE), a GIAC Certified Forensic Analyst (GCFA), a PCI Qualified Security Assessor (QSA) and actively holds a Top Secret (TS/SSBI) clearance. He is a current member of the Consortium of Digital Forensic Specialists (CDFS) and the Seattle Electronic Crimes Task Force (ECTF).
Grayson has performed research on file system timeline artifacts and timestamp modification and has presented at a number of conferences including DEFCON, SECTOR, and ECSAP. He has trained multiple local, state and federal law enforcement agencies. Grayson authors the computer forensics blog "An Eye on Forensics".
Investigating Franchise Breaches - TBA
Trustwave saw more franchise breaches in 2012 than in any previous year. The reasons: more return on the attacker's investment, and a weak defense-in-depth strategy employed by the target organizations. While the amount of effort may be more than for stand-alone breaches, the payoff makes that additional effort worth the work. The challenge faced by forensic investigators is: can you track the attack through tens, hundreds, or even thousands of machines?
Where did the breach start? How did the attackers move from one location to the next? How can we determine how many locations were affected? Are they still here...hiding...waiting to strike again?
Learn the answers to these questions and more from the experts at Trustwave. See the techniques, and real world examples of how Trustwave approached and addressed these cases.
Speaker Bio: TBA
Live Malware Analysis - Trustwave Labs
Modern timeline analysis of file system timestamps, registry entries and log data is the fastest way to identify all of the activity surrounding a given event. A combination of free utilities will allow you to develop these timelines and add and remove data points at will. SpiderLabs will show you timeline examples from real cases and demonstrate the value of the "30,000 foot" (10,000 meter) view.
Q&A Panel - Trustwave SpiderLabs
In this session, Chris and Grayson will field questions from the students about forensic investigations to help make sure that you leave with both the knowledge and tools to make the most of the training in your company.