SANS DFIR Europe Prague 2025

  • Sun, Sep 28 - Sat, Oct 4, 2025
  • 8 Courses
  • 1 Tournament
  • English
Vienna House By Wyndham Andels Prague & Virtual (CET)
Stroupežnického 21, 150 00 Praha 5-Smíchov
Early Bird Offer

Save €250 EUR using the code "EarlyBirdEMEA-EURO" and pay for any 4-6 day course (excluding Beta Courses) by August 28, 2025.

Summit and Course Registration

from €7,715 EUR
In person. Includes:
  • Course: Live Instructor Training with Hands-on Exercises
  • Summit: Talks, Presentations and Workshops
  • DFIR Netwars Tournament

Summit Registration Only

from €600 EUR
*Prices exclude applicable local taxes
In person. Includes:
  • Free Lunch and Snacks
  • Interactive Talks and Sessions
  • Networking with Peers

Courses

FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

Intermediate
Digital Forensics and Incident Response
  • GIAC Certified Forensic Analyst
  • 6 Days
  • 36 CPEs
  • Steve Anson
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

Registration: In-Person, Virtual

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Advanced
Digital Forensics and Incident Response
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

Registration: In-Person, Virtual

FOR500: Windows Forensic Analysis

Essentials
Digital Forensics and Incident Response
  • GIAC Certified Forensic Examiner
  • 6 Days
  • 36 CPEs
  • Jess Garcia
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

Registration: In-Person

FOR518: Mac and iOS Forensic Analysis and Incident Response

Intermediate
Digital Forensics and Incident Response
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

Registration: In-Person, Virtual

FOR578: Cyber Threat Intelligence

Intermediate
Digital Forensics and Incident Response
  • GIAC Cyber Threat Intelligence
  • 6 Days
  • 36 CPEs
  • Jim Simpson
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

Registration: In-Person

FOR498: Digital Acquisition and Rapid Triage

Essentials
Digital Forensics and Incident Response
  • GIAC Battlefield Forensics and Acquisition
  • 6 Days
  • 36 CPEs
  • Jason Jordaan
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

Registration: In-Person, Virtual

FOR509: Enterprise Cloud Forensics and Incident Response

Major Updates
Intermediate
Digital Forensics and Incident Response
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

Registration: In-Person, Virtual

FOR589: Cybercrime Investigations

Intermediate
Digital Forensics and Incident Response
FOR589: Cybercrime Intelligence
  • Starts 29 Sep 2025 at 9:00 AM CET
  • €7,715 EUR (Course)
  • *Prices exclude applicable local taxes

Registration: In-Person, Virtual

Chaired By

Jess Garcia

Founder

Jess Garcia is the founder and technical lead of One eSecurity, a global Information Security company specialized in Incident Response and Digital Forensics.

Schedule

Summit Dates

Sunday 28th September

Training Dates

Monday 29 September - Saturday 4 October

Registration and Networking

Summit Day, 08:45AM - 09:30AM CEST
In-Person

Chair Opening Remarks

Summit Day, 09:30AM - 09:50AM CEST
In-Person

The Art of Concealment: How Cybercriminals Are Becoming and Remaining Anonymous

The attribution of cybercrime remains one of the greatest challenges for investigators, largely due to the extensive concealment measures employed by threat actors.

Summit Day, 09:50AM - 10:20AM CEST

Presented by

Mick Deben
In-Person

Hunting Payloads in Linux Extended File Attributes

Linux Extended File Attributes provide functionality similar to NTFS Alternate Data Streams (ADS). While often used for legitimate purposes, they can also be abused to conceal malicious content.

Summit Day, 10:20AM - 10:40AM CEST
In-Person

Networking Break

Summit Day, 10:40AM - 11:10AM CEST
In-Person

Extracting the Unseen: Real-World RAM Acquisition and Analysis From Android Devices

Volatile memory on Android devices often contains critical evidence: encryption keys, credentials, and transient user data that traditional extractions miss.

Summit Day, 11:10AM - 11:40AM CEST
In-Person

Home Automation And IoT As A Source Of Evidence: Forensic Analysis of Home Assistant

As smart homes become more widespread, they present a growing but often overlooked source of digital evidence.

Summit Day, 11:40AM - 12:00PM CEST
In-Person

Tool: 4n6pi - A Lightweight, Open Source, Forensic Disk Imager

Forensic imaging doesn’t have to rely on costly proprietary hardware. 4n6pi is a lightweight, open-source project that leverages Raspberry Pi hardware to create forensically sound disk images in E01 format.

Summit Day, 12:00PM - 12:15PM CEST
In-Person

Tool: The Only ‘Kanvas’ You Need When Spreadsheets Fail Your IR Case Management

Incident responders often rely on the “Spreadsheet of Doom” (SOD) to track findings and observations, but managing, updating, and extracting insights from these spreadsheets can be cumbersome.

Summit Day, 12:15PM - 12:30PM CEST
In-Person

Networking Lunch

Summit Day, 12:30PM - 01:30PM CEST
In-Person

MacOS Telemetry vs EDR Telemetry - Which Is Better?

As macOS adoption grows in enterprise environments, threat actors are increasingly targeting these systems, leaving incident responders to adapt their investigative approaches.

Summit Day, 01:30PM - 02:00PM CEST
In-Person

PDF Forensics And Authenticity Detection

This presentation delves into the field of PDF forensic analysis and unveils practical techniques to identify non-original (tampered, altered, or fabricated) PDF documents.

Summit Day, 02:00PM - 02:30PM CEST
In-Person

Tool: Location Log Analysis of Google Maps iOS

Presented By:

Antonio Roberto Consalvi, Software Engineer – Studio D’Ingegneria Consalvi

In 2024, Google shifted Google Maps location history storage from the cloud to mobile devices, introducing the location-history.json file on iOS.

Summit Day, 02:30PM - 02:45PM CEST
In-Person

Tool: Forensic WACE - A Multi-Threaded Tool For Semantic Forensic Analysis Of WhatsApp Chats Using AI Tools

Presented By:

Daniele Monte, Senior Software Engineer – University of Bari

Forensic WACE is a free, multi-threaded tool designed for semantic forensic analysis of WhatsApp databases on iOS and Android.

Summit Day, 02:45PM - 03:00PM CEST
In-Person

Networking Break

Summit Day, 03:00PM - 03:30PM CEST
In-Person

Mobile Device Hardening: A Forensic Comparison of Advanced Protection Programmes in iOS and Android

How do Apple’s Lockdown Mode and Advanced Data Protection compare to Google’s Advanced Protection introduced in Android 16?

Summit Day, 03:30PM - 04:00PM CEST
In-Person

When The Threat Group Doesn’t Leave: Incident Response Under Fire

What happens when you face one of the most aggressive, capable, and determined threat groups while they’re still active in the network?

Summit Day, 04:00PM - 04:30PM CEST
In-Person

Enterprise Digital Forensics And Security With Open Tools: Automate Audits, Computer Forensics Investigations And Incident Response With AWX And Ansible

In modern enterprises, managing digital forensics, incident response, and security audits across hundreds of endpoints and cloud systems is challenging.

Summit Day, 04:30PM - 05:00PM CEST
In-Person

Chair Closing Remarks

Summit Day, 05:00PM - 05:10PM CEST
In-Person

Networking Drinks

Summit Day, 05:10PM - 07:00PM CEST
In-Person

Defending AI with an APE

When it comes to attacks on generative AI, Prompt Injection is everywhere. So everywhere, in fact, that it’s starting to lose all meaning. If everything is Prompt Injection, then nothing really is — right? In this talk, we’ll go beyond the buzzword and into the world of APE: a structured, practical taxonomy designed for the teams on the front lines, Red Teams, SOCs, Incident Response, and Intelligence. APE helps make sense of the chaos by categorising how adversaries are actually targeting AI systems. Whether you're testing defences, triaging incidents, tracking threat actors, or just trying to figure out what’s going wrong with your chatbot at 3 a.m., APE gives you the vocabulary and framework to work smarter. Because let’s be honest, AI isn’t going anywhere, and neither are the people trying to break it.

Training Day 1, 06:00PM - 07:00PM CEST
In-Person

Rethinking Digital Forensics in Incident Response

The term DFIR has become very popular over the last several years and is used as an all-encompassing term for digital forensics and incident response. But there is an inherent contradiction between the two, because their end goals are not the same. For most organizations, incident response focuses on making the pain go away, and maybe improving security going forward. Thinking about a legal outcome is far from the reality for most organizations.

Training Day 1, 07:00PM - 08:00PM CEST
In-Person

The Changing Role of a Security Leader and What It Means to You

As the world of information technology continues to change, so does the role of the security leader. Whether you're a CISO, Director of Security, or someone aspiring for such a position, you should consider how the current trends in IT and business affect your professional journey. Does your current approach to security leadership set you up for success?

Attend this session to learn how experienced CISOs:

- Align their security strategy to the business it aims to support

- Ask the right questions to excel in challenging situations

- Gain support for their efforts from non-security stakeholders

- Use technical and communication skills to their advantage

Those of us whose professional roots are grounded in technology often look at enterprise defenses from the perspective of the threats. While understanding the relationship between attacks and defenses is important, it's no longer sufficient. Attend this session to learn how to think about the role of a modern security leader to succeed in today's business environment.

Training Day 2, 06:00PM - 07:00PM CEST
In-Person

Your Journey to the GenAI-DFIR Era Starts Today

How exactly is Generative AI (GenAI) changing the way Forensicators & Hunters work today? In this talk Jess Garcia will answer that question by presenting everything you need to know to integrate GenAI in your everyday DFIR tasks and get ready for this new era.

Training Day 2, 07:00PM - 08:00PM CEST
In-Person

Tournament: DFIR NetWars

Registration: All students who register for a 4–6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.

About DFIR NetWars: Focused on digital forensics, incident response, threat hunting, and malware analysis, this tool-agnostic approach covers everything from low-level artifacts to high-level behavioral observations.

Training Day 4, 06:30PM - 09:30PM CEST
In-Person

Tournament: DFIR NetWars

Training Day 5, 06:30PM - 09:30PM CEST
In-Person

Prague, Czech Republic

Vienna House By Wyndham Andels Prague

Prague enchants visitors with its fairytale architecture, from the iconic Charles Bridge to the towering spires of Prague Castle. The city’s cobblestone streets and charming Old Town Square are steeped in centuries of history. You can enjoy world-class beer in cozy pubs and soak in the laid-back, artistic vibe. With its blend of Gothic, Baroque, and modern influences, Prague feels like stepping into a storybook.

3 Reasons To Stay At The Event Venue

  • Ultimate Convenience

    Eliminate the hassle of daily commutes and wasted travel time. You’ll have everything you need, from your training to dining and amenities, all in one centralized, convenient location.

  • Seamless Networking Opportunities

    Stay where the action is! Maximize your chances to connect with fellow cybersecurity professionals and industry leaders - from impromptu conversations in the lobby to exclusive after-hours events.

  • All Day, All Event Access

    SANS live training events include bonus sessions exclusively at the venue. Staying on-site ensures you won’t miss these opportunities to grow your network and engage with peers beyond the conference agenda.
