The FIRST Technical Colloquium (TC) event will be held on 2nd November, 2011.
Please note: the program schedule is not in its final version; adjustments can still occur.
* Trustwave will be providing pizza and drinks for attendees.
FIRST TC Session | |
---|---|
18:30 – 18:40 | |
18:40 – 19:10 | Forensic Readiness - Give your investigators a fighting chance Ryan Jones (SpiderLabs EMEA, Incident Response Managing Consultant) |
19:10 – 19:25 | |
19:25 – 19:55 | CSIRT Resilience: coping with short-term events James Davis (JANET CSIRT) |
19:55 – 20:10 | |
20:10 – 20:40 | Solomon Bhala (Trustwave) |
20:40 – 20:40 | |
James Davis (JANET CSIRT)
During the last few years we have faced a number of lower-level business continuity situations ranging from extreme weather conditions to suppliers failing to meet contractual obligations. In addition, our location next to a nuclear site poses some remote but unique scenarios.
Our flexibility and independence from our host organisation have led to us developing our systems and processes so that many of these events can be dealt with using normal working practices and minimal disruption to the services we provide to our constituency. This talk will look at some of the problems we have faced and how we try to integrate our short-term continuity plans into our everyday work.
November 2, 2011 19:25-19:55
Solomon Bhala (Trustwave)
Solomon Bhala takes the audience through the discovery, investigation and remediation of a technical data compromise. Solomon worked first-hand on the investigation of this service provider, whose security weaknesses were exploited to access data from worldwide brands.
November 2, 2011 20:10-20:40
Ryan Jones (SpiderLabs EMEA, Incident Response Managing Consultant)
Investigators are often faced with poorly configured systems which thwart the investigative process. This commonly leads to incident response reports with fragmented timelines of attack and leaves risk managers having to make difficult decisions based on incomplete information.
Companies that consider Forensic Readiness put their investigators in a much stronger position and can expect considerably more accurate outcomes from a forensic investigation.
This talk looks at the same web application attack, carried out on systems with differing audit controls. The first system has ‘out of the box’ logging and the second has had logging improved through a Forensic Readiness process carried out before the attack.
We approach the machines as an Incident Response Specialist would and compare the evidence stores and the ability of the investigators to make accurate conclusions based on the evidence available. We will look at the contrasting final reports which are produced with the differing levels of forensic evidence, highlighting the decisions that have to be made based on the varying level of detail provided in the reports.
Someone for whom forensic investigation of web application exploits is a new topic will gain an understanding of some of the forensic techniques possible, whilst attendees who already have some forensic investigation knowledge will understand how forensic readiness can have a massive effect on the outcome of investigations.
November 2, 2011 18:40-19:10
November 2, 2011 18:30-18:40
November 2, 2011 20:40-20:40