The Road to CEIC 2012 – Day Three of CEIC v12: A Full Day of Learning

Jessica Bair

The “Road to CEIC 2012” is a series of blog posts on all things CEIC (@CEIC_Conf), before, during and after, from an insider’s point of view.

Each morning at CEIC, thousands of cups of coffee are consumed by attendees, presenters and staff…the oil lubricating the engine of the premier event for the exchange of best practices in Digital Investigations. The Cyber Response lab track started Wednesday, the final full day of CEIC v12, with Collection and Analysis Strategies in a Multi-TB World, by Mike Webber, owner of BitSec Global Forensics. Mike is clearly a professional instructor, as he led the attendees in a facilitated group discussion on multi-terabyte collection strategies, with commercial tools such as EnCase Enterprise, EnCase eDiscovery and EnCase Portable, as well as freeware and open source tools. He then shifted to a hands-on lab exercise, during which Mike shared techniques for triaging large data sets quickly and efficiently, giving the attendees the skills to provide reliable answers sooner to their clients or legal team.

We had a refreshment break in the Exhibit Hall, and a great opportunity to explore the many hardware products Tableau offers for forensic imaging. Attendees were taking advantage of connecting with the Technical Services team, led by Griffith Williams, director of technical services. You have spoken with them on the phone, communicated by email, remote support session and message board, and now are able to meet them in person!

The Cyber Response lab track continued with EnCase Cybersecurity Command Center: SQL Databases Exposed! by Aaron Bennett, Guidance Software field engineer, and Stephen Pascual, manager of Enterprise Application development. Aaron and Stephen delved into the Microsoft SQL Database setup and diagnosis in the ECC Ecosystem (EnCase eDiscovery and EnCase Cybersecurity). They shared their custom scripts and tools for managing, connecting and backing up the SQL databases. Then they took the attendees through hands-on exercises, with a practical setup guide, and tips & tricks for solving common problems.

After lunch, the Cyber Response lab filled to capacity again with Memory Analysis & Malware Triage by David Nardoni, director at PWC, and Jeff Dye, manager at PWC. We brought in extra chairs to accommodate the stand-by attendees. David and Jeff provided an overview of commercial and free tools for live memory collection and analysis, and covered basic malware triage, skills and pitfalls. Afterward, we checked out automated cyber response in the Exhibit Hall.

Wrapping up Cyber Response for the third day was Planning to Manage Incidents: Beyond the Response by David Brown of Accuvant. How organizations respond to the widening spectrum of security incidents is an important component of risk management, and David facilitated a discussion on best practices for preventing damage to the organization’s operations and reputation. David shared his experience in: 1) Building the plan, 2) Rolling out and executing the plan, and 3) Post-incident procedures, such as closure communications and wrap up, control review, and process lessons learned.

Don’t forget to register for CEIC 2013 before you leave on Thursday, and lock in the $695 discount rate on the conference fees. You have the justification from your experiences this week to help your management team understand the benefit of investing in your training and professional development.

With the sessions completed around 5pm, there was time to go experience the social side of Las Vegas with friends and colleagues. I enjoyed our team dinner with the Training Department staff who provided the backbone support for the CEIC v12 labs and certification testing. Well done Team Training!

Jessica Bair
Senior Director, Curriculum Development
@jessicambair
