Presented by:

Gary Smith

from Pacific Northwest National Laboratory

Gary started out his professional career as a chemist/materials engineer. His start down the path to the Dark Side of Computing began when he wrote a program to design an optimal extruder screw rather than face thousands of calculations with a slide rule (yes, a slide rule). Since then, he's done a lot of different things in computing. Always a glutton for punishment, he wrote his own sendmail.cf from scratch. Around 1993, Gary started doing computer security when the semiconductor company he was working for was forced to get on the Internet to send/receive Integrated Circuit designs faster and a firewall/Internet gateway was needed. Since then, Gary's been involved in firewalls, intrusion detection systems, application hardening, and anti-spam filters. Gary really does computer security to support his bicycling habit. He has more bikes than most other people have computers. And they're a lot more expensive.

A major part of incident response is answering the question, "Do we have an incident?" To answer that question you can use live Linux forensics. In this presentation, we will look at some of the steps in incident response, specifically the preparation phase. Next we'll look at what forms of information we can gather from a live Linux system and their forensic value. Finally, we'll look at scripts to automate the process of gathering forensic evidence. If the demo gods are smiling on us, there will be a demo of gathering forensic information from a system suspected of having an incident and answering the question, "Do we have an incident?"

Date: 2018 April 29 - 03:45
Duration: 45 min
Room: CC-200
Conference: LinuxFest Northwest 2018
Language:
Track: Security
Difficulty: Medium

Happening at the same time:

  1. Linux Professional Institute: Exam Lab - Session 1 (Start Time: 2018 April 29 02:30, Room: HC-112 LPI)
  2. Making Chiptunes on a Raspberry Pi (Start Time: 2018 April 29 02:30, Room: CC-201 TUT1)
  3. Improving Arduino Education (Start Time: 2018 April 29 02:30, Room: CC-202 TUT2)
  4. Build and Program Your First Arduino Robot (Start Time: 2018 April 29 02:30, Room: CC-234 BAIRS)
  5. openSUSE Mini-Summit (Start Time: 2018 April 29 02:30, Room: HC-104 openSUSE)
  6. ROSECODE (Start Time: 2018 April 29 03:45, Room: G-103)
  7. Don't Fear the Patent Clause! (Start Time: 2018 April 29 03:45, Room: CC-114)
  8. Privacy on the blockchain (Start Time: 2018 April 29 03:45, Room: HC-108)
  9. Hybrid multi-cloud infrastructure as code using Terraform (Start Time: 2018 April 29 03:45, Room: CC-208)
  10. Arduino, ESP8266 and 433 Mhz Devices (Start Time: 2018 April 29 03:45, Room: CC-236)
  11. Old Dogs & New Tricks (Start Time: 2018 April 29 03:45, Room: CC-115)
  12. Using osquery via Fleet for Client/Server visibility (Start Time: 2018 April 29 03:45, Room: CC-235)
  13. Picking Up the Pieces, Issues And Challenges Controlling Your Data (Start Time: 2018 April 29 03:45, Room: HC-103 Postgres)