Windows System Monitor (Sysmon) for Incident Investigation and Threat Response
BSidesCharm via YouTube
Overview
This BSidesCharm 2024 talk shows how to make use of Windows System Monitor (Sysmon) logs during incident investigations. It covers the Sysmon event types most useful to an investigator, including process creation, registry modifications, and DNS queries, and walks through how those events can be used to reconstruct threat actor activity on a host. The speaker, Gerard Johansen, has over 10 years of experience in incident response, digital forensics, security operations, and cyber threat intelligence. He has worked as a digital forensics analyst and as an Incident Commander managing large-scale network intrusions and ransomware cases, and currently works for a Managed Detection and Response vendor. He has presented at SANS DFIR and Wild West Hackin' Fest and has authored multiple editions of the book Digital Forensics and Incident Response.
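The three Sysmon event types named above can be pulled from the Sysmon operational log on a Windows host with PowerShell. The following is an added example for this listing, not material from the talk or from the speaker: it assumes Sysmon is installed with a configuration that records ProcessCreate (Event ID 1), RegistryEvent value-set (Event ID 13) and DnsQuery (Event ID 22) events, and it normalises each event into a small record so the three types can be sorted and read as one timeline.

```powershell
# Added example (not from the talk). Requires Sysmon installed with a config that
# enables Event IDs 1 (ProcessCreate), 13 (RegistryEvent: value set) and 22 (DnsQuery).
# Run in an elevated PowerShell session; reading the Sysmon log needs administrator rights.

$LogName   = 'Microsoft-Windows-Sysmon/Operational'
$StartTime = (Get-Date).AddHours(-24)   # assumption: look back 24 hours

# Sysmon writes its fields as <Data Name="..."> elements in the event XML.
function ConvertFrom-SysmonEvent {
    param([Parameter(ValueFromPipeline)][System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    process {
        $xml  = [xml]$Event.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

        switch ($Event.Id) {
            1  { $type = 'ProcessCreate'
                 $what = "$($data.Image) (PID $($data.ProcessId)) <- parent $($data.ParentImage)"
                 $more = $data.CommandLine }
            13 { $type = 'RegistrySet'
                 $what = "$($data.TargetObject) by $($data.Image)"
                 $more = $data.Details }
            22 { $type = 'DnsQuery'
                 $what = "$($data.QueryName) by $($data.Image)"
                 $more = $data.QueryResults }
            default { return }
        }

        [pscustomobject]@{
            Time   = $Event.TimeCreated
            Type   = $type
            User   = $data.User
            What   = $what
            Detail = $more
        }
    }
}

$timeline = Get-WinEvent -FilterHashtable @{
                LogName   = $LogName
                Id        = 1, 13, 22
                StartTime = $StartTime
            } -ErrorAction Stop |
            ConvertFrom-SysmonEvent |
            Sort-Object Time

# Quick triage views: volume per event type, then the full ordered timeline.
$timeline | Group-Object Type | Select-Object Name, Count | Format-Table -AutoSize
$timeline | Format-Table Time, Type, User, What, Detail -AutoSize -Wrap
```

The same `$timeline` object can be narrowed further in the usual way, for example `Where-Object { $_.Type -eq 'ProcessCreate' -and $_.Detail -match 'powershell' }`, or exported with `Export-Csv` for correlation with evidence from other hosts. If Get-WinEvent reports that no events were found, check the Sysmon configuration rather than the query: registry and DNS events are only recorded when the loaded config includes RegistryEvent and DnsQuery rules.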
Syllabus
BSidesCharm 2024 - Sysmon or it Didn’t Happen
Taught by
BSidesCharm