
Don't Repeat Yourself - Automating Malware Incident Response for Fun and Profit

BSidesLV via YouTube

Overview

Explore automation techniques for malware incident response in this 30-minute conference talk from BSidesLV 2016. Gain insight into the role of malware analysts and the digital forensics tools they rely on, with a focus on OSX Collector and ISAC Selector. Learn about example JSON entries, visualization techniques, and output filters. Discover how to use S3 event notifications to trigger collection processing, execute analysis filters, and interpret the results. Understand the benefits of automating forensics collections, including time savings, better interaction between analysts and the help desk, and no need for physical collection of the affected machine. Examine a script example and consider the advantages of remote collection methods. Conclude with a discussion of sandboxing and the potential pitfalls of automating malware incident response.

Syllabus

Introduction
About me
What is malware incident response
People involved in malware incident response
Job of malware analysts
Digital forensics tools
OSX Collector
ISAC Selector
Example JSON Entry
Example JSON Visualization
OSEx Selector Output Filters
S3 Event Notifications
OSX Collector Output
Extract JSON File
Execute Analysis Filters
Analysis Results
Load Results
Automate forensics collections
Script example
Time savings
Interaction between analysts and help desk
No need for physical collection
Conclusion
What kind of pitfalls
Sandboxing

Taught by

BSidesLV
