The inspector: automating the forensic investigation of infected computers

John Morris, Eric Kedrosky (Nortel)

  Corporate stream: Friday 13 October 2006, 10:40 - 11:20.


Zero-day outbreaks of bots and viruses, undetected by current AV signatures, are common occurrences on corporate networks. When dealing with a significant outbreak of a new threat, there are many unknowns, not least which common vulnerabilities may be allowing systems to become infected and which malware files have been deposited. By automating the forensic investigation process, IT security teams can be given this critical information within minutes of the outbreak starting.

This presentation will cover why automated forensic investigations are needed, what information to gather and how to gather it remotely.

