Using Virtualization in Internal Forensic Training and Assessment

by Courtney Imbert
Sept. 1, 2017 SANS Institute Pen Testing & Audits forensics

Weekly headlines brim with stories of cyber breaches that target the enterprise. But SMBs need to beware: they are just as much at risk, and perhaps more so. SMBs are an easier target, and hackers know it: smaller businesses have limited security resources and expertise. To make matters worse, they are often unaware of the dangers. It is time to take action, and SMBs can start with one key area: fixing the misuse of elevated privileges. Armed with administrative rights, threat actors have free rein over desktop systems. Once they compromise these systems, the very survival of the business is at stake. With a few strategic moves, smaller businesses can mitigate these risks by using some of the tools and strategies of their larger counterparts. The good news is that one of the best enterprise tools is free and already available in every Windows domain: Group Policy. With Group Policy, SMBs can automate tasks like limiting desktop privileges, installing and p...

https://www.sans.org/reading-room/whitepapers/forensics/virtualization-internal-forensic-training...