A Visual Summary of SANS DFIR Summit 2022

August 9, 2022

On August 15-16, attendees joined us in Austin, TX or tuned in Live Online for the SANS DFIR Summit for its 15th anniversary!

We invited Ashton Rodenhiser of Mind's Eye Creative to create graphic recordings of our Summit presentations. If you missed a talk or are looking to view the Summit through a visual lens, take a look at the recordings below.

In addition to graphic recordings, PDFs of Summit presentations will be made available on the SANS Summit Archives page (SANS account required) and videos will be posted to YouTube over the next several months.

*If you registered for the Summit, video recordings are available on your Summit Access page in your SANS Portal.

Keynote: DFIR Evidence Collection and Preservation for the Cloud

Josh Lemon, Certified Instructor | Megan Roddie, Course Author

Building a Pattern of Life - Leveraging Location and Health Data

Jared Barnhart, Digital Intelligence Specialist, Cellebrite | Heather Mahalik, Faculty Fellow

Missing Pieces - Tips and Tricks on how to ensure your acquisitions aren’t missing critical data

Jessica Hyde, Founder, Hexordia | Cesar Quezada, Research and Development Engineer, ArcPoint

A little bit of this, a little bit of dat

Brian Maloney, SANS Alumni

Stepping Out of the Android Malware Sandbox - Running & Analyzing Malware on a Physical Honeyphone

Joshua Hickman, Vice President, Cyber Risk Practice, Kroll

The Truth About USB Device Serial Numbers – (and the lies your tools tell)

Kevin Ripa, Certified Instructor

Establishing Connections: Illuminating Remote Access Artifacts in Windows

Fernando Tomlinson, Principal Digital Forensics and Incident Response Consultant, Mandiant

Cracking the Beacon: Automating the extraction of implant configurations

Derek Ditch, Principal Security Research Engineer, Elastic | Jessica David, Senior Security Data Engineer, Elastic

Stay ahead of the game: automate your threat hunting workflows

Towne Besel, Security Engineer, Cisco

Keynote: The Godfather of Forensics: How to Leverage Your “Year One” to Get an Offer You Cannot Refuse

Rob Lee, SANS Fellow

10_SansDFIR_Robert_T._Lee.jpg

Hunting for Active Directory persistence

Thomas Diot, Senior Consultant | Incident response, Wavestone

Hunting threat actors using OSINT forensics

Abi Waddell, DFIR Manager and Founder of Inquirix, Inquirix

Conducting Forensic Examinations in Zero Trust Environments

Justin Tolman, Forensic Evangelist, Exterro

Analysis Paralysis? Setting the Right Goal for Your Incident Analysis

Gerard Johansen, Principal Incident Handler, Fortalice Solutions

14_SansDFIR_Gerard_Johansen_(1).jpg

WhatsApp with Your iMessage, Dude?!

Stacey Randolph, Director, DFIR, Stroz Friedberg | Christopher Vance, Manager of Curriculum Development, Magnet Forensics

Detecting malicious actors in Google Workspace

Korstiaan Stam, Founder, Invictus Incident Response

Updates in DFIR

Philip Hagen, Faculty Fellow | Heather Mahalik, Faculty Fellow

If you'd like to check out our other upcoming Summits, you can view the latest listing here.

Related Content

Blog_teaser_images_(19).png

Digital Forensics and Incident Response, Open-Source Intelligence (OSINT)

FOR589: Cybercrime Intelligence - NEW SANS DFIR Course coming in 2024

Learn to hunt for Dark Web Intelligence, Social Engineer cybercriminals, investigate illicit Blockchain activity, and analyze Cryptocurrency evidence

Digital Forensics and Incident Response, Cloud Security

Cloud-Powered DFIR: Harnessing the cloud to improve investigator efficiency

This blog covers eight different use cases for leveraging cloud resources and services to improve the efficiency of incident response workflows.

DFIR_-_Blog_-_FOR498_-_Digital_Acquisition_&_Rapid_Triage_-_340x340_Thumb.jpg

Digital Forensics and Incident Response

SANS FOR498: Digital Acquisition & Rapid Triage

New Course Name, a Whole World of Data Extraction and Evidence Discovery Training

DFIR_ICON_(1).PNG