bsidesaustin2019 has ended
Thursday, March 28 • 2:00pm - 3:00pm
Taste the Rainbow: Windows 10 Challenges for Red, Blue, and Purple Teams


Microsoft has added a significant number of features to Windows 10 that affect the evidence that can be found both on disk and in memory during digital forensic investigations. These features include new event logging sources, new artifacts of program execution and file access, compression of in-memory data stores, and much more. They require blue team members to update a significant portion of their workflow in order to fully capture the events that occurred on a system, and they force red team members to update their workflows if they wish to operate stealthily. During this presentation, the full range of these new features will be presented along with how they can be accessed, analyzed, and understood, including discussion of open source tools and analysis methodologies. By the end of the presentation, attendees working in a wide variety of information security roles will understand how Windows 10 changes their daily workflow and how best to take advantage of the new features.


Andrew Case

Andrew Case is the Director of Research at Volexity and a core developer of the Volatility memory analysis framework. His professional experience includes digital forensic investigations, incident response handling, malware analysis, penetration tests, and source code audits. Andrew...

Thursday March 28, 2019 2:00pm - 3:00pm
Big Tex
