A planned methodology for developing and implementing a forensically sound incident response plan in Microsoft's Office 365 cloud environment must be thoroughly researched and re-evaluated over time as the system evolves, new features are introduced, and older capabilities are deprecated. This presentation will walk through the numerous forensic, incident response, and evidentiary aspects of Office 365. The presentation is based on two years' worth of forensics and incident response data collected in Microsoft's Office 365 and Azure environments. It combines knowledge from more than a hundred Office 365 investigations, primarily centered around Business Email Compromise (BEC) and insider threat cases.
For additional Kroll presentations from the 2018 DFIR Summit & Training, please take a look here.
The annual SANS Digital Forensics & Incident Response (DFIR) Summit is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place. Over the course of this eight-day training event, you'll learn:
Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit.
Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses and learn how to better protect your organization.
DFIR NetWars: The Coin Slayer! - Earn DFIR course coins by correctly answering all questions from all levels of the six DFIR domains. Leave Austin with a motherlode of coinage!
Join Devon Ackerman for a session on "A Planned Methodology for Forensically Sound Incident Response in Microsoft's Office 365 Cloud Environment" on Thursday, June 7, 2018 at 11:35 a.m. (EST).