Inside FOR509: Enterprise Cloud Forensics and Incident Response with Dave Cowen & Pierre Lidome

The world is changing and so is the data we need to conduct our investigations. New platforms change how data is stored and accessed. They remove the examiner's ability to put their hands directly on the data. Many examiners are trying to force old methods for on-premise examination onto cloud hosted platforms. Rather than resisting change, examiners must learn to embrace the new opportunities presented to them in the form of new evidence sources.


Listen in to co-authors David Cowen and Pierre Lidome discuss how to Find the Storm in the Cloud with their new course, SANS FOR509: Enterprise Cloud Forensics and Incident Response. The course will help you:

Understand forensic data only available in the cloud
Implement best practices in cloud logging for DFIR
Properly handle rapid triage in cloud environments
Learn how to leverage Microsoft Azure, AWS and Google Workspace resources to gather evidence
Understand what Microsoft 365 has available for analysts to review
Learn how to move your forensic process to the cloud for fast processing where the data lives


Learn more at www.sans.org/for509



About the Speakers / Course Authors



Dave Cowen, @HECFBlog
Today, he is the Managing Director at KPMG LLP, where his team of expert digital forensics investigators pushes the boundaries of what is possible on a daily basis. He’s also a certified SANS instructor—teaching FOR500: Windows Forensic Analysis—and he keeps up his information security knowledge by acting as the Red Team Captain for the National Collegiate Cyber Defense Competition, a role he’s held for the last nine years. Learn more about David at https://www.sans.org/profiles/david-c...


Pierre Lidome, @texaquila
Pierre Lidome is a SANS course author and a cyber threat hunter for a large Energy company. With more than 25 years of experience in network engineering, firewall management, security services delivery, forensic analysis and eDiscovery, he has worked numerous digital forensic and incident response (DFIR) cases involving vectors such as insider threats and nation-state actors. Learn more about Pierre at https://www.sans.org/profiles/pierre-...


SANS Institute Summits at https://www.sans.org/cyber-security-s... SANS Cloud Security Curriculum, https://www.sans.org/cloud-security/ SANS Cloud Security on Twitter: @SANSCloudSec
SANS Cloud Security on LinkedIn:   / sanscloudsec  
SANS DFIR Curriculum, https://www.sans.org/digital-forensic...
SANS DFIR on Twitter:   / sansforensics  
SANS DFIR on LinkedIn:   / 7017052  
SANS DFIR on Facebook: https://www.facebook.com/login/?next=...
SANS DFIR on YouTube:    / robtlee73