Loading…
This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, September 10 • 13:30 - 14:29
Old Dog, New Tricks: Forensics With PowerShell

Sign up or log in to save this to your schedule and see who's attending!

Recent intrusion into the networks of organizations like Office of Personnel Management, Sony, JPMorgan Chase, and British Airways have shown that the question isn’t “if” your organization will be targeted, but “when”. With these attacks and many others in recent years, incident response teams have had to rapidly change tactics from the “image-and-forget” methodology to live box forensics and containment. During these engagements, forensic analysts must actively track and monitor an adversary in their network while preventing the adversary from recognizing detection but most tools are not up to the job. PowerShell brings the flexibility and in-memory nature to defenders to tackle live threats.

In this talk, I will cover how my project, PowerForensics, can provide the Digital Forensics/Incident Response community with an all in one toolset for attack response and investigation. By leveraging PowerShell’s access to the Windows API and .NET framework, PowerForensics provides investigators with a forensically sound “live” investigation platform without the need to image the hard drive. I’ll cover the background and overview of PowerForensics, including how its various capabilities can facilitate the investigation of advanced actors at scale. Finally, I’ll cap off with a complex demo, showing how PowerForensics can help blue teams investigate the real attacks they’re now facing. PowerShell isn’t just for the red team anymore.

Speakers
avatar for Jared Atkinson

Jared Atkinson

Jared Atkinson is the Hunt Capability Lead with Veris Group’s Adaptive Threat Division and is an Adjunct Lecturer in Utica College’s M.S. in Cybersecurity program. Before working for Veris Group, Jared spent 4 years leading incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the Open Source community... Read More →


Thursday September 10, 2015 13:30 - 14:29
Track 2

Attendees (19)