In this edition of SANS Community Night scheduled on 21 March 2018 in Singapore, SANS Certified Instructor David Cowen will give a talk titled “Anti Anti Forensics: How to Detect, Defeat and Reverse Anti Forensic Utilities”. In today’s world of insider threats, rapid intrusions and stealthy malware, evidence has to be validated. Anti forensics has to be detected and the damage undone to track down those behind it. The talk will discuss how to detect anti forensics through the traces the most popular tools leave behind (CCleaner, Eraser, Timestomp), how to use those traces to determine when the attacker was active and then use advanced techniques such as File System Journaling forensics to reverse the damage done and find out what the attacker was hiding.
David Cowen is a Certified SANS Instructor and a Partner at G-C Partners, LLC, where his team of expert digital forensics investigators pushes the boundaries of what is possible on a daily basis. He has been working in digital forensics and incident response since 1999 and has performed investigations covering thousands of systems in the public and private sector. David has authored three series of books on digital forensics; Hacking Exposed Computer Forensics (1st-3rd editions), Infosec Pro Guide to Computer Forensics, and the Anti Hacker Toolkit (Third Edition). His research into file system journaling forensics has created a new area of analysis that is changing the industry. Combined with Triforce products, David’s research enables examiners to go back in time to find previously unknown artifacts and system interactions.
David is a Certified Information Systems Security Professional (CISSP) and a GIAC Certified Forensic Examiner. He is the winner of the first SANS DFIR NetWars and a SANS Lethal Forensicator whose passion for digital forensics can be seen in everything he does. He started in 1996 as a penetration tester and has kept up his information security knowledge by acting as the Red Team captain for the National Collegiate Cyber Defense Competition for the last nine years.
Date: 21 March 2018
Time: 6:00PM – 8:45PM
Venue: Level 3 – Grand Copthorne Waterfront Hotel, 392 Havelock Road, Singapore 169663
To register for the talk, please click here and log in with your SANS account to complete the registration.