Presented by:


Gary Smith

from Pacific Northwest National Laboratory

Gary started out his professional career as a chemist/materials engineer. His start down the path to the Dark Side of Computing began when he wrote a program to design an optimal extruder screw rather than face thousands of calculations with a slide rule (yes, a slide rule). Since then, he's done a lot of different things in computing. Always a glutton for punishment, he wrote his own sendmail.cf from scratch. Around 1993, Gary started doing computer security when the semiconductor company he was working for was forced to get on the Internet to send and receive integrated circuit designs faster, and a firewall/Internet gateway was needed. Since then, Gary has been involved in firewalls, intrusion detection systems, application hardening, and anti-spam filters. Gary really does computer security to support his bicycling habit. He has more bikes than most other people have computers. And they're a lot more expensive.

A major part of incident response is answering the question, "Do we have an incident?" One way to answer that question is live Linux forensics. In this presentation, we will look at some of the steps in incident response, specifically the preparation phase. Next we'll look at what kinds of information we can gather from a live Linux system and their forensic value. Finally, we'll look at scripts to automate gathering that forensic evidence. If the demo gods are smiling on us, there will be a demo of gathering forensic information from a system suspected of having an incident and answering the question, "Do we have an incident?"
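The abstract mentions scripts that automate the collection of forensic evidence from a live Linux host. The POSIX shell script below is an added illustration of that idea; it is not the speaker's own code and is not part of the talk. It reads volatile state from /proc in order of volatility, records who collected it and when, and writes a SHA-256 manifest so the collected artefacts can be checked for later modification. The function names, the output directory layout and the numbered file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the talk): a minimal live-response collector for Linux.
# It only reads system state; the only thing it writes is its own output directory.

# grab SRC DST: copy one /proc file into the evidence directory.
# A missing or unreadable source leaves an empty file instead of aborting,
# so one unusual kernel does not stop the rest of the collection.
grab() {
    cat "$1" > "$2" 2>/dev/null || :
}

# collect_live_linux OUTDIR: write one artefact per file into OUTDIR,
# most volatile data first, then a SHA-256 manifest covering all of them.
collect_live_linux() {
    outdir="$1"
    mkdir -p "$outdir" || return 1

    # Context first: when, by whom, and on which kernel the evidence was taken.
    {
        echo "collected_at_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "collector_uid=$(id -u)"
        echo "kernel=$(uname -a)"
    } > "$outdir/00_context.txt"

    grab /proc/uptime  "$outdir/01_uptime.txt"
    grab /proc/loadavg "$outdir/02_loadavg.txt"

    # Process list taken directly from /proc (PID and command line), so the
    # result does not depend on which ps flags the suspect system supports.
    for p in /proc/[0-9]*; do
        pid=${p#/proc/}
        cmd=$(tr '\000' ' ' < "$p/cmdline" 2>/dev/null || :)
        printf '%s\t%s\n' "$pid" "${cmd:-[kernel thread]}"
    done > "$outdir/03_processes.tsv"

    # Network state, mounts and loaded modules: all read-only kernel views.
    grab /proc/net/tcp  "$outdir/04_net_tcp.txt"
    grab /proc/net/udp  "$outdir/05_net_udp.txt"
    grab /proc/mounts   "$outdir/06_mounts.txt"
    grab /proc/modules  "$outdir/07_modules.txt"

    # Manifest: hash every artefact so any later change to them is detectable.
    ( cd "$outdir" && sha256sum [0-9]*_* > MANIFEST.sha256 )
}

# verify_manifest OUTDIR: return 0 only if every artefact still matches its hash.
verify_manifest() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 > /dev/null 2>&1 )
}

# artifact_count OUTDIR: number of artefacts recorded in the manifest.
artifact_count() {
    wc -l < "$1/MANIFEST.sha256" | tr -d ' '
}
```

In practice the collector is run from known-good binaries on removable media, and its output directory is on that media or a network share rather than the suspect disk, so the collection overwrites as little as possible. The collector is itself visible in the process list it captures; the context file makes that expected and lets it be separated from the host's own activity during analysis.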

Date: 2018 April 29 - 10:45
Duration: 45 min
Room: CC-200
Conference: LinuxFest Northwest 2018
Language:
Track: Security
Difficulty: Medium

Happening at the same time:

  1. Linux Professional Institute: Exam Lab - Session 1
     Start Time: 2018 April 29 09:30
     Room: HC-112 LPI

  2. Making Chiptunes on a Raspberry Pi
     Start Time: 2018 April 29 09:30
     Room: CC-201 TUT1

  3. Improving Arduino Education
     Start Time: 2018 April 29 09:30
     Room: CC-202 TUT2

  4. Build and Program Your First Arduino Robot
     Start Time: 2018 April 29 09:30
     Room: CC-234 BAIRS

  5. openSUSE Mini-Summit
     Start Time: 2018 April 29 09:30
     Room: HC-104 openSUSE

  6. Using osquery via Fleet for Client/Server visibility
     Start Time: 2018 April 29 10:45
     Room: CC-235

  7. ROSECODE
     Start Time: 2018 April 29 10:45
     Room: G-103

  8. Don't Fear the Patent Clause!
     Start Time: 2018 April 29 10:45
     Room: CC-114

  9. Arduino, ESP8266 and 433 Mhz Devices
     Start Time: 2018 April 29 10:45
     Room: CC-236

  10. Hybrid multi-cloud infrastructure as code using Terraform
      Start Time: 2018 April 29 10:45
      Room: CC-208

  11. Old Dogs & New Tricks
      Start Time: 2018 April 29 10:45
      Room: CC-115

  12. Privacy on the blockchain
      Start Time: 2018 April 29 10:45
      Room: HC-108

  13. Picking Up the Pieces, Issues And Challenges Controlling Your Data
      Start Time: 2018 April 29 10:45
      Room: HC-103 Postgres