DFIR Summit

Austin, TX | Thu, Jun 23 - Thu, Jun 30, 2016

Featured DFIR Summit Information

DFIR Summit Chairman

Rob Lee

Puzzle Solving and Science: The Secret Sauce of Innovation in Mobile Forensics?
Friday, June 24 - 9:45am

Summit Agenda

Don't miss the opportunity to attend the most comprehensive DFIR event of the year! Learn how to defeat your enemy and become a DFIR Superhero in 8 days!

Time Presentation Speaker
9:00-9:10am Welcome and Opening Remarks

Rob Lee, DFIR Lead, SANS Institute @robtlee

9:10-10:00am Keynote: Defending a Cloud

Troy Larson, Microsoft Security Response Center | Azure
@troyla

10:00-10:30am Networking Break and Vendor Expo
10:30-11:00am iOS of Sauron: How iOS Tracks Everything You Do

Sarah Edwards, Mac Nerd, Parsons Corporation; Author and Instructor, FOR518, SANS Institute
@iamevltwin

Expanding the Hunt: A Case Study in Pivoting Using Passive DNS and Full PCAP

Gene Stevens, Chief Technology Officer, ProtectWise, Inc.
@genestevens


Dr. Paul Vixie, CEO, Farsight Security
@paulvixie

11:05-11:35am

Hello Barbie Forensics

Andrew Blaich, Ph.D, Lead Security Analyst, Bluebox Security
@ablaich


Andrew Hay, CISO, Data Gravity
@andrewsmhay

Start-Process PowerShell: Get-ForensicArtifact

Jared Atkinson, Hunt Capability Lead, Veris Group's Adaptive Threat Division
@jaredcatkinson

11:40-12:10pm

You Don't Know Jack About .bash_history

Hal Pomeranz, Principal, Deer Run Associates; Fellow, SANS Institute
@hal_pomeranz

CryptoLocker Ransomware Variants Are Lurking "In the Shadows;" Learn How to Protect Against Them

Ryan Nolette, Security Operations Lead, Carbon Black

12:10-12:25pm Ken Johnson Memorial Scholarship

Rob Lee, DFIR Lead, SANS Institute
@robtlee

Matt Bromiley, Mandiant
David Nides, KPMG

12:25-1:30pm Lunch and Learn TBA
1:30-2:00pm

Rising from the Ashes: How to Rebuild a Security Program Gone Wrong... With Help from Taylor Swift

Mike Hracs, Senior Consultant, Deloitte
@bumjubeo


Shelly Giesbrecht, Incident Responder, Cisco
@nerdiosity

Tracking Threat Actors through YARA Rules and Virus Total

Kevin Perlow, Senior Consultant, Booz Allen Hamilton


Allen Swackhamer, Associate, Booz Allen Hamilton

2:05-2:35pm

All About that (Date)Base

Matt Bromiley, Senior Consultant, Mandiant


Jacob Christie, Consultant, Mandiant

FLOSS Every Day: Automatically Extracting Obfuscated Strings from Malware

William Ballenthin, Reverse Engineer, FireEye
@williballenthin


Moritz Raabe, Reverse Engineer, FireEye

2:40-3:10pm

UAV Forensics

David Kovar, Senior Manager - Cybersecurity Practice, EY
@dckovar

Plumbing the Depths: Windows Registry Internals

Eric Zimmerman, Sr. Director, Kroll Cyber Security
@EricRZimmerman

3:10-3:40pm Networking Break and Vendor Expo
3:40-4:10pm

Trust but Verify: Why, When and How

Mari DeGrazia, Director, Kroll Cyber Security
@maridegrazia

The Incident Response playbook for Android and iOS

Andrew Hoog, CEO and Co-Founder, NowSecure
@ahoog42

4:15-4:45pm

Analyzing Dridex, Getting Owned by Dridex, and Bringing in the New Year with Locky

@sudosev

What Does my SOC Do?: A Framework for Defining an InfoSec Ops Strategy

Austin Murphy, Director of Incident Response, CrowdStrike Services
@austinjmurphy

4:45-5:15pm Forensic 4cast Awards

Lee Whitfield, Director of Forensics, Digital Discovery
@lee_whitfield

6:00pm DFIR Night in Austin
Join fellow attendees and speakers for a night of networking and fun
Time Presentation Speaker
9:00-9:45am Keynote: The History of Data Forensics, and Get off my Lawn!

Andy Rosen, President, ASR Data Acquisition & Analysis, LLC

9:45-10:30am Panel: Puzzle Solving and Science
The Secret Sauce of Innovation in Mobile Forensics
Featuring:
10:30-11:00am Networking Break and Vendor Expo
11:00-11:30am

What Would You Say You Do Here?: Redefining the Role of Intelligence in Investigations

Rebekah Brown, Threat Intelligence Lead, Rapid7
@PDXbek

Using Endpoint Telemetry to Accelerate the Baseline

Keith McCammon, Co-Founder and VP of Detection Operations, Red Canary
@kwm

11:35-12:05pm

Who Watches the Smart Watches

Brian Moran, Digital Strategy Consultant, BriMor Labs
@brianjmoran

Deleted Evidence: Fill in the Map to Luke Skywalker

Mary Singh, Senior Consultant, FireEye
@marycheese

12:05-1:15pm Lunch and Learn TBA
1:15-1:45pm

Seeing Red: Improving the Blue Teams with Red Teaming

Dave Hull, Product Engineer, Tanium
@davehull

Hadoop Forensics

Kevvie Fowler, National Leader - Cyber Response Services, KPMG Canada
@kevviefowler

1:50-2:20pm

Rocking your Windows EventID with ELK Stack

Rodrigo Ribeiro Montoro, Security Researcher, Clavis Security Brazil
@spookerlabs

To Automate or Not To Automate; That is the Incident Response Question

Dr. Brian Carrier, VP - Digital Forensics, Basis Technology
@carrier4n6

2:20-2:50pm Networking Break and Vendor Expo
2:50-3:20pm

Incident Detection and Hunting @ Scale: An Introduction to osquery

Scott J. Roberts, Bad Guy Catcher, GitHub


Kevin Thompson, Senior Incident Responder, Heroku
@bfist

Dive into DSL: Digital Response Analysis with Elasticsearch

Brian Marks, Senior Associate, KPMG
@brianDFIR


Andrea Sancho Silgado, Associate, KPMG

3:25-3:55pm stoQ'ing your Splunk

Ryan Kovar, Staff Security Strategist, Splunk
@meansec


Marcus LaFerrera, Director of Development, PUNCH Cyber Analytics Group
@mlaferrera

Accurate Thinking: Analytic Pitfalls and How to Avoid Them

Kyle Maxwell, Senior Researcher, Verisign iDefense

4:00-4:30pm Leveraging Cyber Threat Intelligence in an Active Cyber Defense

Erick Mandt, Analyst, Air Force Office of Special Investigations (AFOSI)


Robert M. Lee, Author and Instructor, SANS Institute
@robertmlee

4:30pm Closing Remarks and Wrap Up
Featuring:
Rob Lee, DFIR Lead, SANS Institute @robtlee