Techniques for Fast Windows Investigations - Tim Crothers (BSides Augusta 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

Techniques for Fast Windows Investigations
Tim Crothers

A typical organization sees anywhere from scores to thousands of alerts daily. Many of those alerts are indicating a variety of problems with hosts. An all too common approach is to reimage affected systems. Unsurprisingly, this is the equivalent of playing whack-a-mole. At the other end of the spectrum, the host undergoes a forensics examination taking days of effort. Fortunately, there is a middle ground. In this talk we'll focus on techniques to conduct quick yet effective examinations of Windows hosts. In many cases we can use these methods to confirm or disprove a breach situation and determine root cause in minutes, not days.

Yes, I know I have the wrong title in the video.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast