Webinar Replay Series for Corporate Investigations
If you missed out on some of our recent webinars, we’re offering you another chance to view them and submit your questions. Register for the webinar of your choice below.
Responding to Ransomware Attacks with Gillware and Magnet Forensics
February 13
– 11:00AM EST
– 1:00PM EST
– 9:00AM EST
Abstract:
The methods that attackers are using to access networks and systems are constantly evolving. Ransomware has easily become the most prominent attack used by both individuals with limited budget right up to nation-state actors with far more resources available to them. As bad actors use the latest tools and technology to extort organizations, it’s equally important for examiners to use the latest tools and techniques to prevent malicious attacks.
Join Nathan Little, VP of Incident Response and Forensics at Gillware and Jamie McQuaid, Forensics Consultant from Magnet Forensics as they walk through a case study where legitimate security tools are used the deliver ransomware by an attacker to an unsuspecting user and how to best respond to these attacks. The webinar will include both the attacker and incident responder perspectives allowing us to see exactly what actions leave traces of evidence behind on a user’s system. We’ll discover how the attacker initially gained access to the user’s system, how their tools were delivered, and any evidence of program execution of the malicious payload.
Fraud, IP Theft, and an Intrusion: A Case Study with Gillware Digital Forensics
February 20
– 11:00AM EST
– 1:00PM EST
– 9:00AM EST
Abstract:
When you’re faced with an intrusion — whether you were brought in as an outside consultant or are responsible for incident response for your organization — your stakeholders or management ask the same question: What did they take, and how did they get in? In order to answer these questions, examiners must correlate a lot of different data. From the primary source files of interest, to system and network logs, to supporting artifacts that indicate user and file activity, there is a lot of data to go through and having a sound process and reliable tools can help answer these questions. In this webinar, Nathan Little, Gillware Digital Forensics and Jamie McQuaid, Magnet Forensics will use a real case to demonstrate how Magnet AXIOM can be used to help identify the source of an intrusion and what sensitive data was taken by the attackers. Join us for this live webinar where you’ll not only be able to learn more about how you can get all this information using AXIOM, but you can ask the experts questions during a live Q&A.
macOS: Forensic Artifacts and Techniques that are Essential for Mac Investigations
March 5
– 11:00AM EST
– 1:00PM EST
– 9:00AM EST
Abstract:
Mac investigations can be challenging for a number of reasons. Learn about the Apple File System (APFS) and the changes made as part of the update from HFS+, while discussing the best techniques for successfully completing macOS investigations. In this session we will also investigate APFS Operating System artifacts and files such as: KnowledgeC.db, FSEvents, Volume Mount Points, Quarantined Files, and bash history, providing context on how these artifacts will help connect the dots in your investigations.
Hide, Seek, and Find: Memory Analysis for Fast Incident Response
March 12
– 11:00AM EST
– 1:00PM EST
– 9:00AM EST
Abstract:
Few incident responders dispute the importance of memory analysis in incident response. Not only is memory acquisition faster than acquiring the hard drives of multiple (even hundreds of) computers; it’s often the only source of evidence in an ongoing attack. Frequently, memory contains valuable traces of system activity even when the attacker takes steps to hide what they’re doing. This webinar will delve into the processes and user sessions that produce data across multiple users and one malicious file. With an emphasis on system activity, you’ll learn about memory artifacts including running processes, registry hives and keys, and other data that can help you determine what’s happening—and how to stop it. Join Jessica Hyde and Aaron Sparling to learn more about memory analysis and how it could help you in your investigations.