9-10 | Christopher Doman |
| Resource-Level Cloud Forensics | Cloud Service Providers, such as AWS, GCP and Azure, often introduce artifacts of forensic value when developing features for automation and monitoring of resources. Typically, these artifacts are undocumented and exist purely for the provider’s own troubleshooting, but they also provide valuable insight to an investigator analysing malicious activity on a system. Frequently, this insight surpasses that of “provider-supported” forensic data sources. Most of the discourse around performing forensics in the cloud focuses on provider-level logging. While this is undoubtedly useful, practitioners understand that resource-level forensic analysis is crucial when responding to incidents affecting cloud infrastructure - and much of this knowledge remains opaque and undocumented.
In this presentation, Chris Doman, co-founder of Cado Security, will present novel research on undocumented forensic artifacts from operating systems and tools specific to cloud service providers. The talk will give the audience an overview of forensic techniques across cloud compute and serverless environments. Native operating system artifacts will also be discussed and contrasted with their cloud equivalents, with consideration given to their usefulness in the context of the cloud.
|
11-noon | Thiago Bordini | Thiago Bordini is Head of Cyber Threat Intelligence at Axur and an executive with more than 20 years of experience in the cyber intelligence market, working on the analysis and prevention of cyber threats and fraud and on the dissemination of educational content on the subject to professionals and companies. He is a technical coordinator and postgraduate professor at IDESP, and has spoken at several national and international events such as YSTS, EkoParty, H2HC, Security BSides, SANS, HTCIA, CoronaCon, 8.8 Andina and Brazil, among others. He is a member of the HTCIA (High Technology Crime Investigation Association) and of the Security BSides Sao Paulo/Brazil organization.
https://www.linkedin.com/in/thiagobordini/ | The LATAM DeepWeb. How LATAM fraud groups work on Telegram and WhatsApp | |