Windows users are still the biggest InfoSec weakness, says expert
Windows forensic analysis skills are vital to address increased cyber security threats
20th April 2015 – Even with the expected arrival of a slew of security improvements in Windows 10, such as multi-factor authentication, automatic encryption and a trusted app whitelist, “…users on Windows machines are still the most likely entry point for a cyber-attack and the long tail of operating systems still in widespread use makes Windows forensics skills essential for all investigators and first responders,” says Christian Prickaerts, a highly respected expert forensic investigator and SANS Instructor with a 15-year career including time working for a large university in the Netherlands and Fox-IT.
“In many cases, the user is completely unaware of the attack which through social engineering or malware starts a chain reaction that can ultimately lead to an incident which in the case of APT style attacks may well remain undetected within an environment for many months,” he adds.
Although newer Microsoft operating systems have made great strides in helping to secure common weaknesses, Prickaerts points to the huge number of systems, including Windows XP, that are still used but are effectively out of support when it comes to security updates and patches. “Strong Windows forensic skills are also important for validating security tools, enhancing vulnerability assessments, identifying insider threats, tracking hackers, and improving security policies,” says Prickaerts.
In June, Prickaerts will be teaching an updated version of SANS FOR408: Windows Forensic Analysis with a focus on collecting and analysing data from computer systems to track user-based activity that can be used in internal investigations as well as civil and criminal litigation.
“Proper analysis requires real data for students to examine and as such the course trains digital forensic analysts through a series of hands-on exercises that incorporate evidence found on the latest Microsoft technologies including Windows 8.1, Office 365, SkyDrive, SharePoint, Exchange Online as well as older platforms such as XP, Windows 7 and Server 2008/2012,” says Prickaerts.
As part of the course, students learn how to identify artefacts and evidence locations that will answer key questions, including details about program execution, file opening, external device usage, geo-location, file download, anti-forensics, and system usage.
The course will run in Dublin from June 8th-13th at the Hilton Doubletree’s Morrison Hotel alongside the popular SEC401: Security Essentials Bootcamp Style. “Early Bird” Registration is still open and SANS is offering discounts for students that register and pay prior to April 29th and for larger groups. For more information, please visit http://www.sans.org/event/dublin-2015
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 27 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)