Conference materials: Digital Forensics & Incident Response Summit 2016

SANS presented materials from Digital Forensics & Incident Response Summit 2016.

• All About that (Data)Base
  Matt Bromiley and Jacob Christie
• Analyzing Dridex, Getting Owned by Dridez, and Bringing in the New Year with Locky
  sudosev
• CryptoLocker Ransomware Variants are Lurking In the Shadows; Learn How to Protect Against Them
  Ryan Nolette
• Defending a Cloud
  Troy Larson, Microsoft Security Response Center – Azure
• Deleted Evidence – Fill in the Map to Luke Skywalker
  David Pany and Mary Singh
• Dive into DSL – Digital Response Analysis with Elasticsearch
  Brian Marks and Andrea Sancho Silgado
• Expanding the Hunt – A Case Study in Pivoting Using Passive DNS and Full PCAP
  Gene Stevens and Paul Vixie
• FLOSS Every Day – Automatically Extracting Obfuscated Strings from Malware
  William Ballenthin and Moritz Raabe
• Hadoop Forensics
  Kevvie Fowler
• Hello Barbie Forensics
  Andrew Blaich and Andrew Hay
• Incident Response Playbook for Android and iOS
  Andrew Hoog
• iOS of Sauron – How iOS Tracks Everything You Do
  Sarah Edwards
• Leveraging Cyber Threat Intelligence in an Active Cyber Defense
  Robert M. Lee and Erick Mandt
• Plumbing the Depths – Windows Registry Internals
  Eric Zimmerman
• Potential for False Flag Operations in the DNC Hack
  Jake Williams
• Puzzle Solving and Science – The Secret Sauce of Innovation in Mobile Forensics
  Crowley, Hoog, Leong, Mahalik, and Murphy
• Rising from the Ashes – How to Rebuild a Security Program Gone Wrong…with Help from Taylor Swift
  Shelly Giesbrecht and Mike Hracs
• Rocking Your Windows EventID with ELK Stack
  Rodrigo Ribeiro Montoro
• Seeing Red – Improving Blue Teams with Red Teaming
• Start-Process PowerShell – Get Forensic Artifact
  Jared Atkinson
• stoQ’ing Your Splunk
  Ryan Kovar and Marcus LaFerrera
• To Automate or Not to Automate – That is the Incident Response Question
  Brian Carrier
• Tracking Threat Actors through YARA Rules and Virus Total
  Kevin Perlow and Allen Swackhamer
• Trust but Verify – Why, When and How
  Mari DeGrazia
• UAV Forensic Analysis
  David Kovar
• Using Endpoint Telemetry to Accelerate the Baseline
  Keith McCammon
• What Does my SOC Do – A Framework for Defining an InfoSec Ops Strategy
  Austin Murphy
• What Would You Say You Do Here – Redefining the Role of Intelligence in Investigation
  Rebekah Brown, Rapid7
• Who Watches the Smart Watches
  Brian Moran