Overview
Explore automation techniques for malware incident response in this 30-minute conference talk from BSidesLV 2016. Gain insight into the roles of malware analysts and the digital forensics tools they use, with a focus on OSX Collector. Learn about example JSON entries, visualization techniques, and output filters. Discover how to leverage S3 event notifications, execute analysis filters, and interpret the results. Understand the benefits of automating forensics collections, including time savings and improved interaction between analysts and the help desk. Examine a script example and consider the advantages of remote collection over physical collection. Conclude with a discussion of sandboxing and the potential pitfalls of automating malware incident response.
Syllabus
Introduction
About me
What is malware incident response
People involved in malware incident response
Job of malware analysts
Digital forensics tools
OSX Collector
OSX Collector
Example JSON Entry
Example JSON Visualization
OSX Collector Output Filters
S3 Event Notifications
OSX Collector Output
Extract JSON File
Execute Analysis Filters
Analysis Results
Load Results
Automate forensics collections
Script example
Time savings
Interaction between analysts and help desk
No need for physical collection
Conclusion
What kind of pitfalls
Sandboxing
Taught by
BSidesLV