Fahad Ehsan

Lead Architect at UBS AG

Fahad works with UBS AG, where he is a lead architect with the Security Analytics team. His other areas of expertise include Malware Reverse Engineering and Memory Forensics. He recently delivered a Vulnerability Management Platform, which is widely used within the Bank. Throughout his 7-year career, he has held various roles in Security Research & Engineering, Consultancy, SOC and C#/SQL dev teams.

Presentation: Memory Forensics & Security Analytics: Detecting Unknown Malware

The main purpose of the presentation is to show the audience how open-source tools can be used to develop an in-house automated Memory Forensics Solution, which has the capability to detect ‘unknown’ malware. I will show a demo of this solution, and how it can be used to find ‘unknown’ malware. This solution is based on my personal research.

On-Host Forensics solutions are generally closed source and can be quite expensive to deploy.

What’s cool about this topic is that that there are already open source tools available to get us started with Memory Forensics and help us build a solution with limited budget. I have spent the past 8 months doing research in this space, and built a solution from scratch with be easily scaled in an enterprise environment.

Security Analytics is a growing field and I would like to share my experience and experience in building out such solutions. While On-Host Forensics data is just one of the sources for Security Analysis, I believe that it will become more important as Security Analytics solutions mature.

Presentation @DefCamp 2014