Hackfest 2023 - Back to the Future

Sneha Banerjee

I work as a Cyber Threat Hunt Analyst at Microsoft where I take proactive and iterative approach to research, hunt, and remove advanced threats that evade existing security solutions in Azure infrastructure. I focus on external adversaries (APT) and engage with threat intelligence to validate the existence of APT through research and hunt of Indicators of Compromise (IoCs), exploratory analysis of Tactics, Techniques, and Procedures (TTPs) and vectors, and discovery and analysis of potential adversary activity. I also conduct deep dive analysis into internal adversaries (Red Team)attacks to determine Breach Paths and respond to confirmed deconflictions of Red Team activitythrough penetration test research and purple operations, such as Incident Reponse tabletop exercises. I also review detections and work on visualizing and operationalizing threats for future operations and correlation analysis. I was recently recognized as the Cyber Security Women Influencer of the Year by BSides I have mentored several Cyber Security aspirants, to guide and assist in their development of cybersecurity skills, personality development, technical guidance, and career guidance. I am committed to promoting diversity and inclusion in Cyber Security, which has led to accolades such as being recognized as the Cybersecurity Women Influencer of the Year by BSides, being nominated for the SANS Difference Makers Award, being recognized as India Philanthropies CSR Champion by Microsoft, and being awarded the Women Leader in InfoSec Scholarship by Nullcon.


Which country are you from?

India


Session

10-13
14:30
50min
Exploring RAM Forensic Analysis for Effective Digital Investigations
Sneha Banerjee

In the field of digital forensics, the analysis of volatile memory, commonly known as RAM, has emerged as a powerful technique for uncovering critical digital evidence. As cybercriminals become increasingly sophisticated in their methods, traditional disk-based forensic approaches may miss crucial information stored solely in the volatile memory. This talk aims to shed light on the significance of RAM forensic analysis and its role in modern investigations.
During the presentation, we will explore the intricacies of RAM forensic analysis, from its foundations to advanced techniques used to extract valuable artifacts. Attendees will gain insights into the wealth of information stored in RAM, such as running processes, network connections, open files, and cryptographic keys, and how it can be leveraged to reconstruct events and attribute actions to specific actors.
The talk will cover a range of topics, including the acquisition and preservation of RAM, memory imaging, analysis methodologies, and the utilization of specialized tools for efficient examination. Real-world case studies will be presented to showcase the practical application of RAM forensic analysis in various scenarios, such as malware investigations, data breaches, and incident response.
Furthermore, the presentation will delve into the challenges and limitations associated with RAM forensic analysis,

By attending this talk, forensic professionals, incident responders, and cybersecurity experts will gain a deeper understanding of the immense value of RAM forensic analysis in modern investigations. They will acquire practical knowledge, techniques, and tools that can enhance their capabilities in uncovering digital footprints, attributing actions, and ultimately, advancing the field of digital forensics.

Defensive
Track #1