What makes cloud platforms unique – and uniquely difficult to defend? There are cool and wonderful things a forensics/IR person can do in the cloud, from collecting higher quality evidence from running systems, to interesting analysis that can be done with the event logs from a 1000 identical machines. Get the low-down during this return engagement by one of the DFIR Summit’s most popular keynote speakers, back by popular demand to help you make sense of forensicating in the cloud. Troy Larson (@troyla), Microsoft Security Response Center | Azure

Troy Larson
(@troyla), Microsoft Security Response Center/Azure Troy Larson is a true leader in the field of digital forensics and engineer on the Microsoft Security Response Center’s Azure team. Troy is focused on building and measuring forensic capabilities in the Azure platform, and executing advanced security investigations. Troy has been on the front lines of critical cases for Microsoft for over 10 years, creator of the Windows Forensic Environment toolkit and is a frequent speaker on Windows and Office incident response and forensics. Troy received his undergraduate and law degrees from the University of California at Berkeley, and has been working in the field of digital forensics since the late 90s.

свернуть