SANS Digital Forensics and Incident Response Blog: Author - sansinstitute

Learn To Investigate Data Breach Incidents

Computer forensic training is becoming more critical to your organization's incident response plan because of the current threats being discovered. Organizations will increasingly find that they need a team of trained incident responders and computer forensic analysts. Your organization needs to be prepared to handle sophisticated incidents and organized groups that can easily walk around your perimeter defenses.

Here are just a few headlines from the last year that show the scope of the current threat against many networks.

MSNBC: "Report: Obama helicopter security breached. Pa company says blueprints for Marine One found at Iran IP address"

Wall Street Journal: "Computer Spies Breach Fighter-Jet Project"


Incident Detection Summit 2009 Webcast

Ken Bradley and Richard Bejtlich will conduct a Webcast for SANS on Monday 2 Nov at 1 pm EST. Check out the sign-up page.
Every day, intruders find ways to compromise enterprise assets around the world. To counter these attackers, professional incident detectors apply a variety of host, network, and other mechanisms to identify intrusions and respond as quickly and efficiently as possible.

In this Webcast, Richard Bejtlich, Director of Incident Response for General Electric, and Ken Bradley, Information Security Incident Handler for the General Electric Computer


Have any training budget left for this year? Add a forensic analyst to your team!

One trend we are seeing over and over again this year is that even well-resourced incident response teams appear to be lacking a strong forensic analysis capability. Many teams simply do not have the ability to quickly and efficiently find and analyze malware present within their enterprise. With threats like the APT (Advanced Persistent Threat) increasing, it seems like a foregone conclusion that every incident response team should have a forensic analyst as well as someone skilled in malware reverse engineering. If you have experiences that agree or disagree with this assertion, please share them!

If you have training funds available for 2009, there are still several SANS forensics classes scheduled. As an added bonus, classes tend to be smaller this time of year, allowing for


GIAC Certifications in High Demand: GCFA (GIAC Certified Forensic Analyst)

Excellent article discussing the increased demand for real technical skills. It has an excellent writeup on GIAC Certifications including the GIAC Certified Forensic Analyst (GCFA).



Why are certifications in high demand? From the article:

Increased Usage and Dependency on Digital


The Need for Digital Forensics: Rob Lee's Interview with Tom Field

Rob Lee of MANDIANT and the SANS Institute was interviewed by Tom Field.

Rob Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, discusses:

  • the growing need for digital forensics skills;
  • today's top challenges and how organizations are tackling them;
  • career prospects for individuals in digital forensics.

The Podcast can be found here: PODCAST DOWNLOAD

The Article can be found here: ARTICLE LINK

Digital Forensics: Great Need, New Careers - Rob Lee, SANS Institute