From February 22-26 we hosted a week-long complimentary virtual event, Enterprise Pulse – a series of compelling presentations helping you stay on the pulse of the latest trends in corporate digital forensics. Check out the recordings of the virtual sessions below:

Enterprise Pulse // February 22

FAST AND EFFICIENT COLLECTIONS AND ANALYSIS IN AWS

Presenter:

  • Steve Linn – Principal Security Analyst | SecurityOPS, Trimble

Learn how to collect and analyze Windows instances in AWS at breakneck speeds. AWS offers a way to build an AXIOM Cyber Windows investigation server with your choice of processors, memory and storage in a matter of minutes, which you pay for only while you are using it. Build a Windows instance for every one of your investigations and simply turn them off when you are not using them. Learn how to attach drives from other instances for examination and how to use the latest AXIOM Cyber collection tools to quickly collect and analyze your evidence.

CURRENT TRENDS IN RANSOMWARE: A CONSTANTLY MORPHING AND EVOLVING THREAT

Presenter:

  • Cindy Murphy | President, Tetra Defense

Ransomware attacks on organizations are estimated to happen approximately once every 11 seconds, with over 4000 attacks against businesses happening every day. A large number of these attacks now include not just a ransom demand for restoration of data, but also a secondary extortion demand to prevent the publication of exfiltrated data. The global costs of ransomware recovery are predicted to exceed $20 billion in 2021, and have a huge financial and business impact in both the private and public sectors. In this session, you will learn about the latest ransomware strains, trends in attack methods, tools, and techniques used by attackers, and, just as importantly, how to prevent these attacks.

Enterprise Pulse // February 23

THE CYBERSECURITY CHALLENGES PLAGUING HEALTHCARE

Presenters:

  • Gene Polk | Director of Digital Forensics and eDiscovery, Banner Health
  • Jessica Hyde | Director of Forensics, Magnet Forensics
  • Sal Aziz | Sr. Product Marketing Manager, Magnet Forensics

The healthcare industry specifically has faced its fair share of challenges lately, and that also unfortunately extends into cybersecurity incidents. Threats are posed both externally from bad actors and internally from employees inadvertently introducing risk by falling victim to a phishing attack. Investigating these events with speed and insight requires a team approach. Join Gene Polk, Director of Digital Forensics and eDiscovery, from Banner Health as he describes how his team uses Portable Case to collaborate cross-functionally with key stakeholders such as HR, Privacy & Compliance, Incident Response, and Legal.

THE INTERNET OF THINGS (IoT) IS NOW UBIQUITOUS, BUT THE ANALYSIS OF DATA IS NOT... YET.

Presenters:

  • Warren Kruse | Vice President of Cyber Investigations, Consilio
  • Robert Friend | Senior Director – Digital Forensics & Expert Services, Consilio
  • Kenneth Oliver | Senior Director – Digital Forensics & Investigations, Consilio

Join us for a discussion on the potential relevance of IoT data to different corporate or civil case scenarios, and the potential need for obtaining discovery from, for example, internet-connected cameras; home automation systems; smart speakers, TVs, and refrigerators; and wearables.

In the industrial realm we will discuss the challenge of IoT data generated in factories, warehouses, and pipelines, among other settings.

Enterprise Pulse // February 24

(AIR)DROPPING BY UNANNOUNCED: ANALYZING REMOTE MAC ACCESS WITH AXIOM CYBER

Presenter:

  • Joseph Pochron | Senior Manager – Forensic & Integrity Services, Ernst & Young LLP

In response to a global pandemic, we saw a global workforce decentralize and work from home. It’s clear now that work from home is here to stay in some form, even if it’s a hybrid office/work from home format.

While that’s convenient to the employee, it does raise legitimate issues when it comes to security, incident response, remote data collection, and remote forensic analysis.

Furthermore, the convenience of remote access to endpoints helps to foster a work from home approach, but also elevates the need for forensic examiners to both capture these artifacts and know where to uncover them.

This discussion will review a case study where an employee alleged an employer was spying through remote access on their Mac, and how AXIOM Cyber helped to collect and analyze that evidence.

COLLECT AND ANALYZE DATA FROM OFF-NETWORK ENDPOINTS WITH AXIOM CYBER

Presenters:

  • Craig Guymon | Director – Solution Consulting, Magnet Forensics
  • Dallas Jordan | Solutions Consultant, Magnet Forensics

With a larger than ever remote workforce, the need to collect data from endpoints not connected to the corporate network has never been greater. It’s critical that you have the ability to collect and analyze off-network computers when you have an incident that needs to be investigated. Plus, after you have collected that evidence, you need to know what you can expect to get from it. Magnet Forensics can help and we will show you how!

Join Dallas Jordan and Craig Guymon from Magnet Forensics and learn how to leverage an AWS EC2 instance with AXIOM Cyber installed on it to remotely collect data from off-network endpoints.

Enterprise Pulse // February 25

POWERSHELL TOOLS FOR IR FORENSICS COLLECTION

Presenter:

  • Douglas Metz | Manager – KC-CSIRT, Kimberly-Clark

Global corporate environments present unique challenges for forensic collections. In Incident Response, reducing the time to collect and analyze the data is crucial. Join Doug Metz, Manager of Cyber Security & Incident Management, as he discusses automation and orchestration using PowerShell to acquire data for Incident Response investigations.

During this session, you will learn:

  • PowerShell and command line tools for IR collections
  • How to collect only the data that’s most relevant to the investigation
  • Tips and tricks for getting from acquisition to analysis in minutes instead of hours
  • Best practices for processing IR collections with Magnet AXIOM

CMD42 LOCK: BYPASSING EMBEDDED SYSTEM SECURITY FOR FORENSIC DATA ACQUISITION

Presenter:

  • Gareth Davies | Senior Lecturer in Forensics and Security, South Wales University/F3

Security of digital data is of paramount importance to individual security and national security. The ability to access protected or deleted data from embedded systems memory puts the security of sensitive data at risk. This talk will demonstrate the bleeding edge of what is possible in overcoming embedded hardware security in the most common forms of NAND flash storage.

A case study will be presented on a mobile digital device that we commonly use to store sensitive data relating to our daily lives and that isn’t a smartphone! The presentation will include elements of:

  • Embedded Memory Types & Hardware Security
  • NAND Memory Interface and Internal Structure
  • Physical Image Extraction
  • Data Reconstruction Obstacles and Challenges
  • Reverse Operations
  • Logical Image Reconstruction Process
  • Uncommon Filesystem Analysis
  • SQL Scraping
  • Data Stored on Modern Vehicles (inc. Recovered Protected Data)

Enterprise Pulse // February 26

UNDERSTANDING RANSOMWARE: HOW TO BUILD UP YOUR DEFENSES USING LAW AND TECHNOLOGY

Presenter:

  • Daniel Garrie | Co-Founder, Law & Forensics LLC | Mediator, Arbitrator, and eDiscovery Special Master, JAMS

This talk will provide an in-depth review of the U.S. Department of the Treasury’s Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, issued on October 1, 2020. The Advisory highlights “the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities.” During this talk, Daniel Garrie will review the numerous OFAC-designated cyber actors under its cyber-related sanctions program and other sanctions programs. OFAC has imposed, and will continue to impose, sanctions on these actors who materially assist, sponsor, or provide financial, material, or technological support for those activities. U.S. citizens are prohibited from engaging in transactions with entities on OFAC’s Specially Designated Nationals and Blocked Persons List. 

Daniel Garrie will discuss how to respond if your organization falls victim to a ransomware attack, including if the criminal entity is on any of OFAC’s lists.

Topics covered in this webinar:

  • Overview of Ransomware 
  • How should an organization respond if facing a ransomware attack? 
  • OFAC Guidance and Insurance Coverage/Policies

HANG ON! THAT'S NOT SQLITE! CHROME, ELECTRON, AND LEVELDB

Presenter:

  • Alex Caithness | Principal Analyst (Research & Development), CCL Solutions Group

SQLite has become a ubiquitous data storage format for digital forensic practitioners to consider. First popularised by smartphone platforms, it now forms part of almost every investigation in one form or another. SQLite’s ubiquity was built upon the growing market share of the platforms that used it extensively, so it’s interesting to ask the question: what’s the next platform, and what’s the next data format?
