A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Dive into DSL: Digital Response Analysis with Elasticsearch - Brian Marks, Andrea Sancho Silgado Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Dive into DSL: Digital Response Analysis with Elasticsearch
Brian Marks, Andrea Sancho Silgado
Derbycon 2016

In this talk we will take a deep dive into the Elasticsearch DSL using python and how you can use it to go beyond the simple searches you may have been using in Kibana. We will demonstrate how Elasticsearch can be used to speed up and automate your DFIR investigations by grouping multiple queries of artifacts into a ?signature of forensics? format to answer common investigator questions. In addition, this talk will explore the full power of elasticsearch?s searching and aggregation capabilities that can be utilized with indexed artifacts as well as the visualization functionality of Kibana. Use cases and code samples from real world investigations will be presented showing how you tap into this functionality already built into your ELK stack!

Brian is a Senior Associate with KPMG?s Forensic Technology Practice in Chicago, IL. Brian has over 5 years of experience in the information security industry having worked for a Department of Defense contractor before joining KPMG. There he gained experience in intrusion detection, incident response, log analysis, firewall administration, and operating system auditing and hardening. At KPMG, he specializes in providing digital response services including incident response, digital forensics, reverse engineering, and threat intelligence. He has provided these services for clients in many various industries including multinational businesses and Fortune Global 100 organizations. Andrea is an Associate in the Chicago, IL office of KPMG U.S. Andrea has been a member of the Forensic Technology Team since 2014, focusing on providing Forensic Services, Threat Intelligence, and Incident Response to clients, including Fortune 500 organizations. She also assists developers in the Forensic Technology Team with coding between projects. Andrea is constantly aspiring to study and learn more in the DFIR field. In her first year as a professional, Andrea completed the certifications for GCFA and EnCase Certified Examiner. Prior to joining KPMG she studied Telecommunications Engineering at Universidad Politecnica de Madrid, Spain. In the fifth year of her studies she enrolled in a double degree program with Illinois Institute of Technology completing a Master of Science in Electrical Engineering in one year.

@brianDFIR

Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast