SlideShare feed for Slideshows by User: AndrewDFIR
Fri, 04 Mar 2016 21:22:54 GMT

Proactive Measures to Defeat Insider Threat
/slideshow/proactive-measures-to-defeat-insider-threat/59093132
Fri, 04 Mar 2016 21:22:54 GMT
This presentation was delivered at RSA 2016 and discussed measures to defeat insider threat. It focused on real investigations that I have performed and how the victim companies could have prevented the associated harm.

Next Generation Memory Forensics
/slideshow/volatility-osdfc2014/48851788
Mon, 01 Jun 2015 17:14:07 GMT
Evening keynote at the 2014 Open Source Digital Forensics conference. This talk covered the latest advances in memory forensics and malware analysis.

Unmasking Careto through Memory Forensics (video in description)
/slideshow/unmasking-careto-through-memory-forensics-video-in-description/48851308
Mon, 01 Jun 2015 17:02:16 GMT
My presentation from SecTor 2014 on analyzing the sophisticated Careto malware with memory forensics & Volatility. Video here: http://2014.video.sector.ca/video/110388398

OMFW 2012: Analyzing Linux Kernel Rootkits with Volatility
/slideshow/anal-48848147/48848147
Mon, 01 Jun 2015 15:46:00 GMT
My presentation from OMFW 2012 on Linux & Volatility.

Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced Malware
/slideshow/hta-w22case140409062630phpapp01/48848146
Mon, 01 Jun 2015 15:46:00 GMT
My presentation from RSA 2013 on using memory forensics to defeat advanced malware, encryption, and skilled attackers.

Hunting Mac Malware with Memory Forensics
/slideshow/hta-f01huntingmacmalwarewithmemoryforensics140409062805phpapp02/48848142
Mon, 01 Jun 2015 15:45:56 GMT
My presentation from RSA 2014 on using memory forensics to track and analyze advanced malware and attackers on OS X.

My Keynote from BSidesTampa 2015 (video in description)
/slideshow/my-keynote-from-bsidestampa-2015-video-in-description/45632947
Mon, 09 Mar 2015 18:43:26 GMT
These are the slides from the keynote presentation at BSidesTampa 2015. A recording of the talk can be found at: https://www.youtube.com/watch?v=751bkSD2Nn8&t=1m35s

Mac Memory Analysis with Volatility
/slideshow/mac-memory-analysis-with-volatility/13477440
Wed, 27 Jun 2012 20:41:19 GMT
My talk on Mac memory analysis with Volatility from the 2012 SANS Digital Forensics and Incident Response summit.

Linux Memory Analysis with Volatility
/slideshow/omfw/10718304
Thu, 29 Dec 2011 11:49:38 GMT
Slides from my presentation at the 2011 Open Memory Forensics Workshop.

Investigating Coordinated Data Exfiltration
/slideshow/gfirst-2011goldenandrew/10718303
Thu, 29 Dec 2011 11:49:32 GMT
My presentation on investigating coordinated data exfiltration with Dr. Golden Richard at GFIRST 2011.

Workshop - Linux Memory Analysis with Volatility
/slideshow/blackhat-workshopfullpresentation/10718297
Thu, 29 Dec 2011 11:48:50 GMT
Slides from my 3-hour workshop at Blackhat Vegas 2011. Covers using Volatility to perform Linux memory analysis investigations as well as Linux kernel internals.

Memory Analysis of the Dalvik (Android) Virtual Machine
/slideshow/android-memoryanalysis/10718294
Thu, 29 Dec 2011 11:48:40 GMT
My presentation on Dalvik memory analysis. Presented at Source Seattle 2011.

De-Anonymizing Live CDs through Physical Memory Analysis
/slideshow/deanonymizing-live-cds-through-physical-memory-analysis/10718292
Thu, 29 Dec 2011 11:48:29 GMT
Slides from my Blackhat D.C. 2011 presentation on memory analysis of live CDs.

I am a core Volatility developer, teach the Digital Forensics & Incident Response class at Black Hat, help organize BSides New Orleans, and am generally interested in computer security and forensics.
www.dfir.org