Michael Cohen (Google)

Abstract

Rekall has recently grown from a pure memory analysis framework into a complete incident response tool, able to perform sophisticated triage and forensic analysis. The Rekall Agent is an open source, free, distributed endpoint DFIR tool built on the Rekall framework. The main goals of the Rekall Agent are very high scalability, ease of deployment, and enterprise-grade security and auditing workflows. Rekall Agent is suitable for deployment in any organization, from small teams to the largest enterprises. Rekall achieves this scalability by leveraging the Google Cloud Platform, a highly scalable, featureful and cost-effective suite of global services. Because Rekall Agent runs in the cloud, it is very easy to deploy and it scales automatically to whatever deployment size is required. This workshop will guide participants in deploying and using the Rekall Agent in the cloud.