Anti-Cast | The Sysmon Update is Here
July 19 @ 12:00 pm – 1:00 pm EDT
The Sysmon Update is Here w/ Gerard Johansen
The long-awaited update to Sysmon is here!
Microsoft has recently released version 15. This updated version of the popular logging tool includes new features and provides responders insight into endpoint behavior.
In this Anti-Cast, Gerard Johansen, digital forensics practitioner and author of the Enterprise Forensics and Response course, will walk through how Sysmon can aid in incident investigations.
Gerard will provide an overview of Sysmon, including what data analysts can see, how to deploy and configure it, and how it can aid in incident investigations. He'll walk you through tailoring configurations, acquiring Sysmon log files both locally and remotely, and analyzing various Tactics and Techniques commonly seen in incident investigations.
Chat with your fellow attendees in the Antisyphon Discord server here: https://discord.gg/antisyphon — in the #webcasts-livestreams channel
Join us for PreShow Banter™ at 11:30 a.m. ET
You can also livestream the event on YouTube.
Gerard Johansen is an information security professional with over a decade of experience in Incident Response, Digital Forensics and Threat Intelligence. Across his roles during that time, he has been an author and trainer, developing interactive cyber range exercises for security professionals. Additionally, Gerard has assisted organizations with cyber security incidents both as a consultant and as an IR lead. He is currently a Principal Incident Handler with a Managed Detection and Response provider, where he works on the development of readiness solutions to prepare organizations for modern threats.
Gerard is also a frequent contributor to professional conferences and the wider information security community. He has spoken at various conferences held by BSides, SANS and other community-based groups. Further, he has recently completed the third edition of Digital Forensics and Incident Response, published by Packt.