There are many tools available to automate various security and forensics tasks. This talk will describe what we have successfully implemented in our services response framework, including:
- Data solutions, like Splunk and ElasticSearch, and their APIs
- Open source tools
- Custom code (Python, C++)
- Internal, self-service APIs and their various frontends for consultants
Next, I will briefly discuss issues we have encountered and some suggested workarounds. Finally, I will cover some newer, experimental tools that we are trying out, including containers.
Sample code will be provided for attendees to automate Splunk and ElasticSearch analysis and connect common forensic tools. This talk will contain some code and will be from a programmer's perspective, but you do not have to be an experienced programmer to understand the bulk of it.