Thursday, April 09, 2009

SANS Forensic Summit Agenda

Rob Lee has posted the agenda for the SANS Forensics and Incident Response Summit, to be held 7-9 July 2009 in Washington, DC.

I attended the first summit in Oct, 2008 and I have to tell you, it was one of the best conferences I've been to! It was extremely well organized with a lot of great speakers and great information, and provided ample opportunity for folks to mingle, ask questions, etc. My hope is that this year's summit will surpass the first one by orders of magnitude, as this kind of summit/conference/gathering is sorely needed.

This year's line up includes a keynote from Richard Bejtlich, followed by a presentation by Kris Harms, and then an IR panel discussion. This year, Rob's following a similar agenda (different content) as he did with the first summit, which IMHO was very successful.

I'll be presenting on the topic of Registry analysis, and with only about 50 minutes, I'll be ripping through the basics to get to the guts of why we need to do Registry analysis in the first place. Of course, I'll be talking about RegRipper, JT's regslack.pl (which has been HUGELY beneficial in a number of engagements) as well as how to run RegRipper plugins against the hive files stored in Windows XP System Restore Points...automatically!

There are also going to be presentations and panels addressing forensic tools and techniques, given by some of the folks who have developed and use them on a regular basis.

Also, look for Bret and Ovie to record their CyberSpeak podcast live at the Summit!

Hey, if you've got to be in DC on 7 July 2009, THIS is where you need to be! ;-)

4 comments:

Matthieu Suiche said...

I'm not even invited :-(

Larry E. Daniel said...

I'm coming just to heckle you, Harlan!

H. Carvey said...

Good. I know how to deal with hecklers! ;-)

Larry E. Daniel said...

Actually, I will be on a panel there. I look forward to seeing you.