The Gist of Hundreds of Incident Response Cases

How to become an Incident Response Rockstar? After conducting hundreds of Incident Response cases, more data is not always better. Focusing on the most relevant forensic data can speed up the investigation process rapidly. In this talk, we will discuss the importance of various event logs to track down lateral movement paths from the attackers, how to find planted (and seemingly legitimate) backdoors, and how you can work smarter, not harder - which also holds true in digital forensics. As a bonus, we will discuss less-known artifacts like MPLogs and the bitmap cache. By attending this talk, participants will be better and more efficient Incident Responders as they can focus on key aspects of an investigation.

Presented at Security Fest 2024.

Speaker: Stephan Berger

About Stephan Berger

Stephan Berger has worked in IT security for over ten years, now for over three years at the Swiss security company InfoGuard, where he leads the Incident Response Team. He is an active twitterer (@malmoeb), owns a Bachelor's in Computer Science and a Master's in Engineering, as well as various SANS certifications and the OSCP.

SUBSCRIBE TO OUR NEWSLETTER

Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.

Get newsletter →