Join Lansing ISSA for our annual fall training event, titled “Lansing Cyber Academy”, a new Lansing ISSA initiative to educate our community members and increase their skill sets. This event will take place on Saturday, November 4th, from 8am to 4pm. Register for a full-day training exploring an open source incident response tool in an interactive workshop setting.
In the chaos of initial response to an incident, responders must rapidly gather and evaluate critical data in order to focus follow-up activities. Among the most important data are forensic artifacts from affected machines. This session will briefly discuss a variety of forensic artifacts, concentrating on Windows hosts, and introduce an open source tool for rapid triage of target platforms. The tool – “CyLR, CDQR Forensics – Virtual Machine” – was written by Alan Orlikoski and has been discussed at security conferences in the recent past, including the SANS DFIR Summit and Defcon 25.
Attendees will learn how to set up the tool to collect data with CyLR; process forensic artifacts easily with CDQR; and use Kibana (as set up in CCF-VM) for DFIR purposes. We will then use the tool to collect and evaluate artifacts in an example scenario.