SANS Digital Forensics and Incident Response Blog

Announcing: SANS WhatWorks Summit in Forensics and Incident Response 2009

Forensic and Incident Response Summit 2009

http://www.sans.org/forensics09_summit

Dates:

Summit: July 6-7, 2009

Post-Summit Courses: July 9-14, 2009

Summit Venue:

The Fairmont Washington, D.C.
2401 M Street, NW
Washington D.C. 20037
Phone: (202) 429-2400
Fax: (202) 457-5010
Website: www.fairmont.com/washington

Summit Overview

Attackers are improving their techniques and stealth daily. Are your skills keeping pace?

Why should you attend the 2009 SANS What Works in Forensics and Incident Response Summit?

The 2009 SANS What Works in Forensics and Incident Response Summit, being held in Washington DC on July 6 & 7, gives you access to the state of the art in computer forensic techniques. Top industry leaders, forensics and incident response professionals and vendors will discuss the latest defenses and technologies in a series of highly interactive sessions focused on effective incident response and mitigation, forensic analysis, recovery as a result of a data breach and e-Discovery requests. Expert forensics analysts and law enforcement personnel will share their latest lessons learned from the trenches and the secrets of their forensic approach. And you will leave the Summit armed with answers to your questions as well as new techniques and solutions that you can put to use immediately.

Each presentation or panel discussion at the Summit is built around an interactive Q&A session that gives you the opportunity to grill the experts so that you leave with answers to the tough policy, process and technical questions. Case Studies will be shared that illustrate best practices as well as highlight the pitfalls to avoid. Vendor panels will give you the opportunity to compare tools side-by-side and ask the vendors directly the probing questions that will help you determine the best solutions for your organization.

Whether your organization performs forensic analysis in-house or relies on third-party analysis, the SANS What Works in Forensics and Incident Response Summit is the only event that gives you a single source for information about the unique challenges you face daily.

What Will You Learn at the Forensics and Incident Response Summit?

  1. Up-to-the-minute, real-world forensic techniques from industry-recognized experts to find evidence while minimizing the chance of disruption of compromised systems.
  2. Methods for ensuring practical and accurate incident response and computer forensics for incidents.
  3. Details about products and free tools that should be on your short list for use in effective computer forensics and incident response.
  4. Lessons learned from compromises, litigation, and incidents in large- and medium-scale environments.
  5. Practices of computer forensic pioneers that push the envelope in developing new tools and techniques for finding key evidence.
  6. Current trends in malicious attacks and how our forensic/response processes must adapt based on them.

Questions to Be Answered at the Summit

  1. What are the most advanced techniques being used in forensics today?
  2. What are the new basics? What are the tools that are now considered "standard practice"?
  3. Which products are the best in the incident response and computer forensic community?
  4. What are the lessons learned from organizations that were compromised or had data breaches?
  5. What are the best practices to utilize in performing incident response and computer forensics?
  6. When should an organization hire third party consultants to help out in an incident?
  7. How can an organization respond to hundreds of machines in a single incident effectively?
  8. How can you reduce the impact of a data breach investigation?

Summit Chair

Rob Lee — SANS Institute and Mandiant

Organizing Committee

Toby Finnie - Director, High Tech Crime Consortium

Gary Kessler - Associate Professor, Computer & Digital Forensics Program, Champlain College

Doug White, PhD, CISSP, CCE - Roger Williams University

Ovie Carroll - Director DOJ Cyber Crime Lab

Eoghan Casey - Johns Hopkins University

Jonathan Ham - Independent Consultant, jham corp.

Scott Moulton - System Specialist, Forensic Strategy Services, LLC.

Who Should Attend

  • CISOs who see forensics as the "next big challenge."
  • Information security professionals who want to ensure they are not left behind in this fast-moving area of security
  • Incident response personnel who are looking for an integration of forensics and investigative methodologies
  • Information security consultants who would like to accelerate their forensic/IR career field
  • Law Enforcement personnel who are looking at taking their technical skills to the next level
  • Internal investigators who want to learn the latest evidence collection and analysis techniques
  • Anyone who would like to stay abreast of the latest threats and techniques for computer forensics and incident response by people actually doing it
  • Any organization that is currently attempting to mitigate a large scale intrusion or data breach
  • Managers who learn by listening to a panel of experts discuss the recent developments in the incident response and computer forensic fields
  • Incident responders who are faced with intrusions that might evade the traditional forensic tools

What Attendees are Saying

What past attendees had to say about the most recent 2008 Forensics Summit...

  • The level of intellectual capital at this conference was impressive.
    - Michael Cloppert, Lockheed Martin
  • This is the best forum to share info and to find out what works and what doesn't - without vendor spin.
    - Steve Wallace, Lyondell Bassel
  • The SANS WhatWorks Summit was an impressive collection of experts from both government and private sector, which provided a timely and informative agenda on incident response and forensic issues.
    - Boyd Barker, Shell Oil Company

Read the Blogs

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211600781 (GENERAL NEWS)

http://www.forensickb.com/2008/10/sans-forensic-incident-response-summit.html (Lance Mueller)

http://windowsir.blogspot.com/2008/11/ir-preparedness.html (Harlan Carvey)

http://windowsir.blogspot.com/2008/10/sans-forensic-summit_15.html (Harlan Carvey)

http://windowsir.blogspot.com/2008/10/sans-forensic-summit.html (Harlan Carvey)

http://taosecurity.blogspot.com/2008/10/thoughts-on-2008-sans-forensics-and-ir.html (Richard Bejtlich)

http://taosecurity.blogspot.com/2008/10/unify-against-threats.html (Richard Bejtlich)

http://volatility.tumblr.com/ (Aaron Walters)

http://www.f-response.com/index.php?option=com_content&task=view&id=80&Itemid=9 (F-Response)

http://www.sans.edu/resources/securitylab/2009_predictions.php (Security Predictions - Rob Lee)