Windows System Monitor (Sysmon) for Incident Investigation and Threat Response

BSidesCharm via YouTube

Overview

Learn how to effectively leverage Windows System Monitor (Sysmon) logs during incident investigations in this conference talk from BSidesCharm 2024. Discover the essential capabilities of Sysmon for tracking program execution, registry modifications, and DNS queries while gaining practical insights into threat actor activity analysis. Benefit from the expertise of Gerard Johansen, a seasoned cyber security professional with over 10 years of experience in Incident Response, Digital Forensics, Security Operations, and Cyber Threat Intelligence. Drawing from his extensive background as both a digital forensics analyst and Incident Commander managing large-scale network intrusions and ransomware cases, Gerard shares valuable knowledge on forensics, log management, and incident resolution. Currently working with a Managed Detection and Response vendor, Gerard brings real-world expertise from his experience presenting at prestigious conferences like SANS DFIR and Wild West Hackin' Fest, as well as his work authoring multiple editions of his Digital Forensics and Incident Response book.

Syllabus

BSidesCharm 2024 - Sysmon or it Didn’t Happen

Taught by

BSidesCharm
