Hunting for the presence of the adversary usually involves digging through, sifting and analyzing vast amounts of data gathered from endpoints and network traffic logs. The type of analysis, the tools and the methodologies used for this purpose vary among analysts, though, making reusability harder, as each analyst uses their own scripts with their own algorithms and abstractions. To assist with this challenge, Ismael Valenzuela (Certified SANS Instructor, GSE #132 and Principal Engineer at McAfee) will introduce Open CNA, a new strategy based on open standards for Collection, Normalization and Analysis, together with a new open source toolset consisting of (1) a simple client/server architecture based on the “rastrea2r” project (presented at BlackHat Arsenal 2016), which allows analysts to gather valuable data from endpoint snapshots, (2) a Python SDK that provides a layer of abstraction over the gathered data, (3) a machine learning library containing algorithms that assist in detecting the adversary’s presence in the mined data and (4) a set of reporting tools that present all the findings in an actionable way.
Views: 18 SANS Blue Team
Trust but Verify: Why, When and How. Ask not what your tools can do for you, but what you should be doing with your tools. How does an examiner know whether the tools they are using are providing accurate and trustworthy results? In this talk we will cover the importance of verifying and testing your tools, with real-world examples of tool fails. We’ll also walk through an example of how to verify your tools using several methods. Mari DeGrazia (@maridegrazia), Director, Kroll Cyber Security. Mari DeGrazia is a director at Kroll Cyber Security, which provides incident response services on a global scale. Throughout her career in DFIR, Mari has investigated high-profile breach cases, worked civil and criminal cases, and provided testimony as an expert witness. Mari holds a Bachelor of Science in Computer Science from Hawaii Pacific University as well as various certificates related to digital forensics. She is currently pursuing her Master of Science in Digital Forensics.
Views: 413 SANS Digital Forensics and Incident Response
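The talk description above does not say which verification methods it walks through. As an added example (not code from the talk, from Kroll, or from the speaker), here is one method an examiner can apply to any parsing or conversion tool: a known-answer test, where every expected value is derived by hand from the format's definition rather than from another tool. It uses Windows FILETIME to UTC conversion because timestamp handling is a classic source of tool fails. The reference converter, the `truncating_filetime_to_utc` tool with its deliberately constructed defect, and the vectors are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100 ns ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000

# Constructed known-answer vectors. Each expected value follows directly from the
# epoch definition (e.g. 1601-01-01 to 1970-01-01 is 11644473600 s = 116444736000000000
# ticks), so the oracle does not depend on any tool being validated.
KNOWN_ANSWERS = [
    (0, datetime(1601, 1, 1, tzinfo=timezone.utc)),
    (116_444_736_000_000_000, datetime(1970, 1, 1, tzinfo=timezone.utc)),  # Unix epoch
    (128_790_414_900_000_000, datetime(2009, 2, 13, 23, 31, 30, tzinfo=timezone.utc)),  # Unix 1234567890
    (128_790_414_905_000_000, datetime(2009, 2, 13, 23, 31, 30, 500_000, tzinfo=timezone.utc)),  # +0.5 s
]


def filetime_to_utc(ft: int) -> datetime:
    """Reference conversion: keeps sub-second precision (to the microsecond)
    and always returns a timezone-aware UTC value."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def truncating_filetime_to_utc(ft: int) -> datetime:
    """Hypothetical 'tool under test' with a constructed defect: it discards the
    fractional second. It agrees with the reference on whole-second inputs, so
    only a vector with sub-second ticks exposes it."""
    return FILETIME_EPOCH + timedelta(seconds=ft // TICKS_PER_SECOND)


def validate_tool(tool, vectors=KNOWN_ANSWERS):
    """Run every known-answer vector through `tool` and return a list of
    (input, expected, got) failures. A naive (timezone-less) result counts as a
    failure: an examiner cannot tell local time from UTC, and a crash counts too."""
    failures = []
    for ft, expected in vectors:
        try:
            got = tool(ft)
        except Exception as exc:  # keep validating; record the crash as a failure
            failures.append((ft, expected, repr(exc)))
            continue
        if got.tzinfo is None or got != expected:
            failures.append((ft, expected, got))
    return failures


if __name__ == "__main__":
    for name, tool in [("reference", filetime_to_utc),
                       ("truncating tool", truncating_filetime_to_utc)]:
        failures = validate_tool(tool)
        print(f"{name}: {len(KNOWN_ANSWERS) - len(failures)}/{len(KNOWN_ANSWERS)} vectors passed")
        for ft, expected, got in failures:
            print(f"  FAIL ft={ft}: expected {expected.isoformat()}, got {got}")
```

The point of the fourth vector is that three of the four pass against the defective tool; a vector set that only covers whole seconds would declare it trustworthy. The same harness shape (hand-derived expected values, a result for every vector, no early exit on crashes) applies to hashing utilities, registry and event log parsers, or carving tools, with the vectors replaced by artifacts whose ground truth you created yourself.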
Presented June 13, 2018. Data mining in PubMed may require the analysis of thousands of records. The E-utilities efetch service often limits your ability to retrieve large numbers of records in a short time. As you will see in this webinar, EDirect allows you much faster access by operating on a local copy of PubMed. EDirect includes an archive-pubmed script that fully automates the download, update, extraction, and storage process. EDirect's Local Data Cache uses a hierarchy of 1 million folders to organize the 28 million PubMed files and provides direct and rapid access to any record. These features use recent advances in computer file system technology to repackage all of PubMed as individual files on an inexpensive 500 gigabyte external solid state drive. In this webinar, you will learn how to use EDirect to install PubMed locally and then search and retrieve records from the local instance. You will also see an analysis example that shows the significant speed improvement with the Local Cache and employs some advanced EDirect xtract options to aid with processing records. EDirect: https://www.ncbi.nlm.nih.gov/books/NBK179288/ To get video updates, subscribe to the NCBI YouTube channel: www.youtube.com/ncbinlm
Views: 949 NCBI
Training videos for lawyers who require advanced skills in the deployment of computer evidence and electronic document discovery.
Views: 95 Karl Obayi