At one time, computer forensics consisted of pulling the plug, imaging everything in sight, loading those images into EnCase or FTK, and hoping to "find the bad guy stuff". As computer hackers have become more resourceful, the complexity of computer forensics has likewise increased exponentially. Add to that the growing size of data storage devices, and it becomes infeasible to even consider imaging tens or hundreds of terabytes, let alone load those images into EnCase or some other forensic software. So what's the answer? How can incident responders hope to remain relevant in today's operating environment? With Sniper Forensics!
Live Analysis tools and techniques have exploded onto the incident response scene in the last two years. By gathering and reviewing volatile data and RAM dumps, incident responders can use time-proven principles such as Locard's Exchange Principle, Occam's Razor, and the Alexiou Principle to identify and target only the systems that are part of the breach. What used to take hours of analysis can now be done in minutes! What used to take weeks can now take days!
By using sound logic and data reduction based on forensic evidence extracted from Live Analysis, incident responders can introduce accuracy and efficiency into their case work at a level not available through any other means. This is truly the cutting edge of modern computer forensics, and not something to be taken lightly! Don't miss the opportunity to learn tips and tools, and to hear real-world examples of how Live Analysis is literally changing the landscape of modern forensics!
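The data-reduction step described above, worked through as an added example (this code is not from the talk or its author): each host contributes a small volatile-data snapshot (running processes and network connections, all constructed here), hosts whose snapshot agrees with a known-good baseline are reduced away, and the remaining hosts are ranked by how many independent indicators they show, so that only those are queued for full imaging. The baseline paths, expected ports, internal network prefixes and host names are assumptions for the demonstration.

```python
"""Triage of live-analysis snapshots to decide which hosts merit full imaging.

Added example, not part of the original talk. Hosts that match the known-good
baseline are dropped; the rest are ranked by number of indicators found.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    pid: int
    ppid: int
    name: str
    path: str


@dataclass(frozen=True)
class Connection:
    pid: int
    remote_ip: str
    remote_port: int


@dataclass
class Snapshot:
    host: str
    processes: list
    connections: list


# Constructed baseline: process name -> path it is expected to run from.
BASELINE = {
    "svchost.exe": r"C:\Windows\System32\svchost.exe",
    "explorer.exe": r"C:\Windows\explorer.exe",
    "outlook.exe": r"C:\Program Files\Microsoft Office\outlook.exe",
}
# Outbound ports business processes are expected to use (assumption).
EXPECTED_PORTS = {53, 80, 443, 445}
# Constructed prefixes of the organisation's own address space.
INTERNAL_NETS = ("10.", "192.168.")
# Path fragments that indicate a user-writable location.
WRITABLE_HINTS = ("\\temp\\", "\\appdata\\", "\\users\\public\\")


def find_indicators(snap):
    """Return human-readable indicators found in one host's volatile snapshot."""
    hits = []
    suspect_pids = set()
    for p in snap.processes:
        expected = BASELINE.get(p.name.lower())
        if expected is not None and p.path.lower() != expected.lower():
            # A known name running from the wrong place: name masquerading.
            hits.append(f"{p.name} (pid {p.pid}) running from unexpected path {p.path}")
            suspect_pids.add(p.pid)
        elif any(tok in p.path.lower() for tok in WRITABLE_HINTS):
            hits.append(f"{p.name} (pid {p.pid}) running from user-writable location {p.path}")
            suspect_pids.add(p.pid)
    for c in snap.connections:
        external = not c.remote_ip.startswith(INTERNAL_NETS)
        if external and c.remote_port not in EXPECTED_PORTS:
            hits.append(f"pid {c.pid} -> {c.remote_ip}:{c.remote_port} (external, unusual port)")
        elif external and c.pid in suspect_pids:
            # Normal-looking port, but the owning process is already suspect.
            hits.append(f"pid {c.pid} (already suspect) -> {c.remote_ip}:{c.remote_port}")
    return hits


def triage(snapshots):
    """Data reduction: drop hosts with no indicators, rank the rest by indicator count."""
    scored = [(snap.host, find_indicators(snap)) for snap in snapshots]
    scored = [(host, hits) for host, hits in scored if hits]
    scored.sort(key=lambda item: (-len(item[1]), item[0]))
    return scored


# Constructed snapshots for three hosts; ws01 is clean, the other two are not.
SNAPSHOTS = [
    Snapshot("ws01",
             [Process(4, 0, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
              Process(8, 4, "explorer.exe", r"C:\Windows\explorer.exe"),
              Process(12, 8, "outlook.exe", r"C:\Program Files\Microsoft Office\outlook.exe")],
             [Connection(12, "203.0.113.10", 443), Connection(4, "10.0.0.5", 445)]),
    Snapshot("ws02",
             [Process(8, 4, "explorer.exe", r"C:\Windows\explorer.exe"),
              Process(1200, 8, "svchost.exe", r"C:\Users\Public\svchost.exe")],
             [Connection(1200, "198.51.100.7", 8443), Connection(1200, "198.51.100.7", 4444)]),
    Snapshot("srv03",
             [Process(8, 4, "explorer.exe", r"C:\Windows\explorer.exe"),
              Process(4410, 8, "updater.exe", r"C:\Users\bob\AppData\Local\Temp\updater.exe")],
             [Connection(4410, "198.51.100.7", 443), Connection(8, "192.168.1.20", 445)]),
]

if __name__ == "__main__":
    for host, hits in triage(SNAPSHOTS):
        print(f"{host}: {len(hits)} indicator(s), queue for full imaging")
        for h in hits:
            print("   -", h)
```

The ranking is the whole point: ws01 never leaves the live-analysis stage, while ws02 and srv03 are the only machines that get the expensive treatment, and the indicator list tells the analyst exactly what to go looking for on the image.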
This information is CRITICAL for all incident responders and computer forensic analysts! It combines cutting-edge forensic tools and techniques with time-proven principles. Successful integration of the material contained in this presentation will, without question, reduce the time spent on cases and increase accuracy! It's a targeted approach to forensics, which I have dubbed "Sniper Forensics", rather than the old-school "Shotgun Forensics" approach.