Invite – SANS #DFIR Free Open House And Community Night – Dec 10 2012 – Wash D.C.

We would like to invite you to a free and open DFIR Community reception/talks at SANS Digital Forensics and Incident Response Campus at CDI 2012  in Washington D.C.

Join us and network with others in the DFIR community then stay for a few evening DFIR presentations.


Monday, December 10th

The Dupont Circle Hotel
1500 New Hampshire Ave Nw
Washington DC 20036


Schedule for Dec 10th

6:00pm – 7:00pm SANS DFIR Campus Open House Community Reception (w/food and drinks)
7:15pm – 8:15pm  “Malware Analysis using REMnux” w/ Lenny Zeltser
8:15pm – 9:15pm “Detecting Persistence Mechanisms” w/Alissa Torres

Open House and Evening Events at the DFIR Campus on December 10th are fully open to the public.  Please register to attend the Open House and evening presentations here:


Synopsis of Talks

 “Malware Analysis using REMnux” w/ Lenny Zeltser

Though some tasks for analyzing Windows malware are best performed on Windows laboratory systems, there is a lot you can do on Linux with the help of free and powerful tools. REMnux is an Ubuntu distribution that incorporates many such utilities. This practical session presents some of the most useful REMnux tools. Lenny Zeltser, who teaches SANS’ reverse-engineering malware course, will share how you can use the utilities installed on REMnux to:

– Study network interactions of malicious programs

– Analyze malicious websites and obfuscated JavaScript

– Examine malicious PDF documents

– Explore important aspects of suspicious Windows executables

– Identify malware artifacts in memory snapshot files

If you haven’t experimented with Linux-based tools for malware analysis, you’ve been missing out. And if you’ve been meaning to begin exploring the field of malware analysis, this talk will help you get started.

8:15pm – 9:15pm “Detecting Persistence Mechanisms” w/Alissa Torres

Often times, artifacts of persistence created by an attacker in order for their malware to survive on a system are important leads to unravel the adversary’s methodologies. These techniques, including registry keys, scheduled tasks and other methods, can be excellent indicators for the signature creation used in enterprise scanning. How do you find these valuable artifacts? What tools can you use to aid in their discovery? This presentation covers the common persistence techniques used in today’s malware and the forensic techniques and tools that can be used to uncover them.

We look forward to seeing you at the DFIR Campus in December!  Again – please  register  to attend the Open House and evening presentations here:

Published by

Rob Lee

Rob Lee is an entrepreneur and consultant in the Washington DC area, specializing in information security, incident response, and digital forensics. Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm. Rob has more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information warfare. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics. Prior to starting his own firm, he directly worked with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and an exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. Rob was also a director for MANDIANT, a company focused on investigating advanced adversaries, such as the APT, for four years prior to starting his own business. Rob co-authored the book Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University in Washington DC. He was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast Awards. Rob is also an ardent blogger about computer forensics and incident response topics at the SANS Computer Forensic Blog. Rob is also a co-author of the MANDIANT threat intelligence report M-Trends: The Advanced Persistent Threat.