BSides Munich 2025

Forensic investigations of rare operating systems
2025-11-17, Westin - Munich

Sometimes the analysis part of incident response will give you challenges of a special kind: investigate this system, which runs an operating system you have possibly never heard of.
In this talk, I want to give you a method that allows you to take on such challenges with a joyful "YES". I will also highlight supporting tools.


Analysis during incident response situations challenges us in many ways. When it comes to investigating systems, many are familiar with Windows and Linux. But sometimes we need to venture beyond and confront operating systems we may have never heard of.
In this talk, I want to discuss a method for preparing investigations of rarely encountered operating systems. This method tries to combine knowledge transfer from better-researched operating systems with practical exploration of the target operating system. I will also highlight supporting tools for investigations.
Throughout, I will add my learnings from past investigations of such operating systems (customized FreeBSD systems, SunOS/Solaris systems, OpenBSD systems).


Which keywords describe your submission?:

incident response, digital forensics

I work as a forensic analyst for a managed incident response provider. I value giving back to the community by contributing to triage and threat hunting capabilities. In my free time, I enjoy chalky climbing gyms and high mountains.