What Event Logs? Part 2: Lateral Movement without Event Logs
SANS Digital Forensics and Incident Response
@sansforensics
About
Over 80% of all breach victims learn of a compromise from third-party notifications, not from internal security teams. In most cases, adversaries have been rummaging through your network undetected for months or even years. Incident response tactics and procedures have evolved rapidly over the past several years. Data breaches and intrusions are growing more complex. Adversaries are no longer compromising one or two systems in your enterprise; they are compromising hundreds. Your team can no longer afford antiquated incident response techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident. A thorough understanding of many detailed areas is required for success, including a mastery of the following fundamental skills covered by the SANS Digital Forensics and Incident Response (DFIR) YouTube Channel.
Video Description
Working without Windows Event Logs - a two-part webcast series.

Many analysts rely on Windows Event Logs to help gain context of attacker activity on a system, with log entries serving as the correlative glue between additional artifacts. But what happens when the attackers find ways to remove the logs, or worse, stop the logs from writing? We must find a way to adapt.

In part 2 of this series, SANS instructor and incident responder Matt Bromiley will discuss techniques to identify lateral movement when Windows Event Logs are not present. Sometimes logs roll without preservation, and sometimes attackers remove them from infected systems. Despite this, there are still multiple artifacts we can rely on to identify where our attackers came from, and where they went. In this webcast, we'll discuss the techniques and artifacts to identify this activity.

Watch Part 1 of the webcast series here: https://www.youtube.com/watch?v=7JIftAw8wQY&t=174s

Event Logs is just one of the subjects covered in FOR508: Advanced Digital Forensics, Incident Response & Threat Hunting. For more information about the course visit: https://www.sans.org/FOR508

Speaker Bio

Matt Bromiley is a SANS Digital Forensics and Incident Response instructor and a GIAC Advisory Board member. He is also a senior managing consultant at a major incident response and forensic analysis company, bringing together experience in digital forensics, incident response/triage and log analytics. His skills include disk, database, memory and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.