My Enfuse 2016 Experience
Now that I have touched down back on the East coast, it is time to reflect on my experience at the Enfuse 2016 conference hosted by Guidance Software. First, let me say that it was an amazing experience. I received an abundance of information and networking opportunities in the conference’s Expo Hall alone. The sessions I attended held even more information and my love for the field of cybersecurity and digital forensics was confirmed.
Now remember, this is Vegas! The excitement and socialization definitely did not stop at the end of the conference’s day. I was able to speak with other attendees throughout the day as well as the night. In just a few days, I was able to recognize many faces of the people I had gotten to know. Enfuse 2016 surrounded me with 1,500 professionals with the same interests and career paths as myself. I left the conference with pockets overflowing with business cards!
Session Summary
Advanced Persistent Threat (APT) Attacks Exposed: Network, Host, Memory, and Malware Analysis
This was one of the most interesting sessions of the week, and really narrowed down the process of incident response and the steps involved. The speaker, Jacob “Jake” Williams, works for SANS as an instructor. He began by giving the audience “a day in the life of” an incident response situation. He walked through the steps of analysis, how it happens, and who is involved.
How It Happens
Basically, there are four steps in how forensic incident responders look at these cases. These are:
- Memory Analysis
- Threat Analysis
- Malware Analysis
- System Forensics
The group was told that these are the basic four pieces that are analyzed when responding to a situation. Furthermore, it is ideal to have several individuals with specializations on your incident response team. For example, have someone who does malware reverse engineering so that the person who works with system forensics can hand off any malware found to him/her while continuing to look for other artifacts of the situation.
Know what is good, know what is bad, and have something to compare. When responding to incidents, know what normal looks like so you can pick out what is abnormal. This will be the first key in trying to narrow down what happened on the machine or network.
Conclusion
Overall, this is one of the greatest experiences that I have had so far. Attending Enfuse 2016 was extremely beneficial as I enter my senior year at Champlain College. There are many individuals that I was able to speak to and make connections with that hoped to see me return to the conference next year. I strongly encourage any reader of this blog, whether they are a student at Champlain or a professional in the field, to attend Enfuse 2017 if given the opportunity.
I want to thank Champlain College and Guidance Software for making it possible for me to attend Enfuse 2016, and I look forward to next time!
-Justin Waite ’17