April 2013 Chapter Meeting

Our April chapter meeting is on Wednesday April 3rd, 2013 at 5:45PM. The title of the meeting will be What do you mean they’re already in our network? Please join us!

Abstract: Mandiant has created a buzz in the security community with the release of the “APT1” report. Having that intel is great and organizations should be able to take this information and search their logs for these signs of intrusions. What if you found that your company is indeed compromised? Would you or someone in your organization know how to respond to an incident of this type? This talk will focus on methods used to respond to targeted or advanced attacks. Using timeline analysis and memory forensics we will walk through the forensic data of a targeted compromise. We will begin to put those pieces of the puzzle together until we can build that picture of what happened.

Presenter Information: Jack Crook has been in information security for over a decade and has been performing incident response for over 6 years now. He currently is an Incident Handler for one of the worlds largest companies where he specializes in host / network analysis of advanced intrusions. Jack is also the founder of a local digital forensics / incident response group called mi4n6 and devotes much of his free time to the community by creating forensics challenges and mentoring others.


  • 5:45-6:15PM Networking/Membership signup / Dinner
  • 6:15-7:15PM Presentation
  • 7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519