The long-awaited update to Sysmon is here. Microsoft has recently released version 15. This updated version of the popular logging tool includes new features and provides responders insight into endpoint behavior. In this Anti-Cast, Gerard Johansen, digital forensics practitioner and course author of Enterprise Forensics and Response will walk through how Sysmon can aid in incident investigations. Gerard will provide an overview of Sysmon, including what data analysts can see, how to deploy and configure and finally looking at how Sysmon can aid in incident investigations. How configurations can be tailored. Local and remote acquisition of Sysmon log files and finally how to analyze various Tactics and Techniques commonly seen in incident investigations.
Chat with your fellow attendees in the Antisyphon Discord server:
https://discord.gg/antisyphon
in the #🍿anticasts-chat channel
Stay up to date on our upcoming live Anti-Casts and more at https://poweredbybhis.com