A Visual Summary of SANS DFIR Summit 2025

Check out these graphic recordings created in real-time throughout the event for SANS DFIR Summit 2025.

Authored by SANS Institute

On July 24-25, attendees joined us in Salt Lake City, Utah or tuned in Live Online for the SANS Digital Forensics & Incident Response Summit 2025!

We invited Ashton Rodenhiser of Mind's Eye Creative to create graphic recordings of our Summit presentations. If you missed a talk or are looking to view the Summit through a visual lens, take a look at the recordings below.

If you registered for the Summit, video recordings are available on your Summit Access page in your SANS Portal.

Keynote | DFIR AI-ze Your Workflow

Mari DeGrazia, Certified Instructor

A North Korean Cyber Operation: Exposing ARP-Based Covert C2s, WebSocket Malware, and Video Conference Software Abuse

Luis Garcia, Incident Response Expert, Sygnia

Matthew Mosley, Manager of Incident Response, Sygnia

Playbook Power-Up: Applying Modular Design to Maintain IR Playbooks at Scale

Jessica Gorman, Sr Director of Security Operations and Incident Response, Experian, Georgetown University

Think Like an Examiner: Strengthening Your Forensic & Response Mindset

Tony Knutson, Principal Consultant, Palo Alto Unit 42

Investigating a Malicious Script in Microsoft Intune: A DFIR Case Study

Dennis Labossiere, Director, KPMG LLP

MDR to IR Handoffs: Stick The Landing

Jess Burn, Principal Analyst, Forrester Research

Jeff Pollard, VP, Principal Analyst, Forrester

Making Sense of the Chaos: When to Conduct Structured and Unstructured Threat Hunts

Lee Archinal, Senior Threat Hunt Analyst, Intel 471

Arun Warikoo, Head of Cyber Threat Intelligence, CIB Americas BNP Paribas, BNP Paribas

Does Slicing Onions Make You Cry - Forensic Analysis of TAILs

Aaron Sparling, Principal Incident Response Engineer, Walmart - Cyber Security Incident Response

Ensuring Data Integrity in Incident Response: Tools and Techniques for Forensically Sound Log Extraction

Colin Meek, DFIR Consultant, Stroz Friedberg

Finding Relevant Alerts, Events and Logs

Ezz Tahoun, Lead researcher, University of Waterloo

MacOS Endpoint Security Framework: Not Another MacOS Log Source

Jacob Latonis, Staff Software Engineer, Proofpoint

Julia Paluch, Engineer, GreyNoise Intelligence

Coming soon!

If you'd like to check out our other upcoming Summits, you can view the latest listing here.