Lead Incident Response Consultant, Jawz Technology Incs CyberCrime division. presented at BlackHatWindows 2001

by Mushin ,

Summary : Incident Response in a Microsoft world.
Since so many articles and texts seem to focus on Incident Response based around Unix platforms this speech will give the audience the opportunity to walk through a scenario of a penetration of a Microsoft webserver, and what is commonly done by mistake when the company responds to the incident. Then examples and discussion will be given on better procedures to follow with some discussion of various tools and actions that are best utilized when investigating an incident on a Microsoft platform. Depending on the level of knowledge and participation of this speech, further discussions in later BlackHat settings may delve into technical forensics and aspects of Security Policy.
John Kutzschebauch, AKA Mushin, is currently the lead Incident Response consultant for Jawz Technology Incs CyberCrime division. Previous positions most recently include the Task Force Falcon Information Assurance Manager 1999-2000 (basically the InfoSec manager for the US Armed forces in the countries of Macedonia and Kosovo in support of the Kosovo Peacekeeping Forces), various vulnerability assessment contracts, and the NT and MVS security consultant with DISA at what was previously known as Defense MegaCenter Denver. He can be reached at http://www.securityhorizon.com.
Their Presentation! (PowerPoint 1,699k)