Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

SANS DFIR Europe Prague 2025

  • Sun, Sep 28 - Sat, Oct 4, 2025
  • 8 Courses
  • 1 Tournament
  • English
Vienna House By Wyndham Andels Prague & Virtual (CET)
Stroupežnického 21, 150 00 Praha 5-Smíchov
Prague, Bridge
Jump to:

Come to Prague for Hands-On Cybersecurity Training

Summit: 28 September | Training: 29 September - 4 October | Chaired by: Jess Garcia

At SANS, our mission remains steady. We continue to deliver relevant cyber security knowledge and skills, empowering students to protect people and their assets. Register for SANS DFIR Europe Summit & Training 2025 (28 September - 4 October) and continue to build practical cyber security skills you can implement immediately. Choose your course and register now.

SANS DFIR Europe Prague 2025

  • In-Person Summit & Training
  • Take your training at the training venue with professional support
  • Practical cyber security training taught by real-world practitioners
  • Hands-on labs in a virtual environment
  • Courses include electronic and printed books
  • Most courses align with GIAC certifications

Please note, courses are available In-Person in Prague during this event. Please see course details below for availability. For In-Person courses, seating is available on a first-come, first-served basis. Register now to secure your spot.

Celebrating the 15th anniversary of our SANS DFIR Europe Summit

For the past 15 years, SANS has been steadily contributing to the DFIR community by hosting our annual DFIR Europe Summit in Prague. This year, we are proud to be hosting the 15th edition of this Summit. Join us and your peers for this anniversary edition and learn how to overcome the latest obstacles, hear about the latest open-source forensic tools, share methods and strategies proven effective in your investigations, and connect with the top DFIR practitioners in the industry.

The knowledge you'll absorb throughout our Summit will last the entire year. Whether you’re attending your first DFIR Summit or returning for your fifteenth, you'll join a community that shares a common drive to seek truth through digital forensics and eradicate attackers during incident response engagements.

Ask any of the returning attendees - a key benefit is that you’ll have the opportunity to network with other like-minded DFIR professionals. If you work in digital forensics or incident response, the SANS DFIR Europe Summit is the must-attend event of the year.

Choose Your Summit Experience:

In-Person - All Access

  • ALL Summit Keynotes, Talks, and Sessions | The industry's top practitioners will share their latest digital forensics and incident response research, solutions, tools, and case studies.
  • Networking Opportunities with the top-minds in DFIR | You'll have the chance to engage with leading experts, SANS instructors, and your peers in the community.
  • Summit Night Out | The day will be filled with the latest in DFIR, but the fun goes up a notch at night for those joining us in Prague.
  • SANS DFIR Merchandise and Posters
  • First-Access to Recordings and Presentations

What Attendees Say

"The DFIR Europe Summit in Prague was an amazing opportunity to connect with top professionals and hear cutting-edge case studies. Easily one of the best events I’ve attended for digital forensics."

"The speakers at DFIR Europe brought deep, real-world knowledge. Every session gave me something I could take back to my investigations."

“It was a privilege to attend DFIR Europe. The summit helped reinforce best practices in incident response and forensics. Can't wait for next year.“

Bundle Your Summit Experience with a SANS DFIR Course

Enhance your knowledge base and add to your toolkit with a hands-on, immersive course taught by top SANS instructors and course authors. This year we're featuring 8 Top SANS DFIR courses

This is Who You Want to Learn From

SANS Live Training Offers You

  • Courses on the cutting edge: All courses are designed to align with dominant security team roles, duties, and disciplines.
  • Training from the best: SANS instructors are active security practitioners who bring their extensive knowledge and real-world experiences to the classroom.
  • GIAC Certification: Most certifications align with SANS training courses, validating student mastery for professional use in critical, specialized InfoSec domains, and job-specific roles.
  • The SANS Promise: You will be able to apply the skills and techniques you’ve learned as soon as you return to work.

You will receive high-quality cybersecurity training directly from real-world practitioners. Register now to experience training you can use immediately to secure your environment and advance your career.

Students Say

  • Slide 1 of 2
    I highly recommend FOR500 for anyone looking to deepen their digital forensics and incident response skills. The course offers a perfect balance of theory and practical application, with real-world examples that bring the content to life. The instructor, Chad Tilbury, is exceptional, sharing his extensive experience and providing valuable insights that you can immediately apply in the field. It’s a must for anyone serious about mastering DFIR techniques!
    Youssef HammachFOR500, SANS DFIR Europe Summit & Training
  • Slide 2 of 2
    Fantastic course with in-depth material, delivered by amazing expert. Thanks so much for an amazing week.
    Carol OveresFOR508, SANS DFIR Europe Summit & Training
Slide 1 of 0
Early Bird Offer

Save €250 EUR using the code "EarlyBirdEMEA-EURO" and pay for any 4-6 day course (excluding Beta Courses) by August 28, 2025.

Register

Summit and Course Registration

from €7,715 EUR
In personIncludes
  • Course: Live Instructor Training with Hands-on Exercises
  • Summit: Talks, Presentations and Workshops
  • DFIR Netwars Tournament
Select course to Enroll

Summit Registration Only

from €600 EUR
€600 EUR*Prices exclude applicable local taxes
In personIncludes
  • Free Lunch and Snacks
  • Interactive Talks and Sessions
  • Networking with Peers
Attend In PersonLogin to register

Courses

Looking for Group Purchasing? Contact Us

GIAC Certification

1 free practice test when you add a certification exam attempt to your course. Available for select courses below.

Extra 4 Months of Course Access

Add OnDemand access for 4 months to help you prepare for your GIAC exam. Available for select courses below.

NetWars Tournament

Play two evenings of the Core NetWars Tournament. Free with purchase of a 4, 5, or 6 day course

Showing 8 of 8
Filter by:

FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

Intermediate
FOR508Digital Forensics and Incident Response
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  • GIAC Certified Forensic Analyst
  • 6 Days
  • 36 CPEs
  • Steve Anson
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Advanced
FOR610Digital Forensics and Incident Response
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR500: Windows Forensic Analysis

Essentials
FOR500Digital Forensics and Incident Response
FOR500: Windows Forensic Analysis
  • GIAC Certified Forensic Examiner
  • 6 Days
  • 36 CPEs
  • Jess Garcia
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-Person

FOR518: Mac and iOS Forensic Analysis and Incident Response

Intermediate
FOR518Digital Forensics and Incident Response
FOR518: Mac and iOS Forensic Analysis and Incident Response
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR578: Cyber Threat Intelligence

Intermediate
FOR578Digital Forensics and Incident Response
FOR578: Cyber Threat Intelligence
  • GIAC Cyber Threat Intelligence
  • 6 Days
  • 36 CPEs
  • Jim Simpson
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-Person

FOR498: Digital Acquisition and Rapid Triage

Essentials
FOR498Digital Forensics and Incident Response
FOR498: Digital Acquisition and Rapid Triage
  • GIAC Battlefield Forensics and Acquisition
  • 6 Days
  • 36 CPEs
  • Jason Jordaan
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR509: Enterprise Cloud Forensics and Incident Response

Major UpdatesIntermediate
FOR509Digital Forensics and Incident Response
FOR509: Enterprise Cloud Forensics and Incident Response
  • Starts 29 Sep 2025 at 8:30 AM CET
  • €8,230 EUR (Course)
  • €905 EUR (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR589: Cybercrime Investigations

Intermediate
FOR589Digital Forensics and Incident Response
FOR589: Cybercrime Intelligence
  • Starts 29 Sep 2025 at 9:00 AM CET
  • €7,715 EUR (Course)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

Chaired By

Jess Garcia
Jess Garcia

Jess Garcia

Founder

Jess Garcia is the founder and technical lead of One eSecurity, a global Information Security company specialized in Incident Response and Digital Forensics.

Read more about Jess Garcia

Schedule

Summit Dates

Sunday 28th September

Training Dates

Monday 29 September - Saturday 4 October

Showing 20 of 26
Filter by:

Registration and Networking

Summit Day08:45AM - 09:30AM CEST
In-Person

Chair Opening Remarks

Summit Day09:30AM - 09:50AM CEST

Presented by

Jess Garcia

Senior Instructor

Jess Garcia
In-Person

The Art of Concealment: How Cybercriminals Are Becoming and Remaining Anonymous

The attribution of cybercrime remains one of the greatest challenges for investigators, largely due to the extensive concealment measures employed by threat actors.

Summit Day09:50AM - 10:20AM CEST

Presented by

Mick Deben

Mick Deben
In-Person

Hunting Payloads in Linux Extended File Attributes

Linux Extended File Attributes provide functionality similar to NTFS Alternate Data Streams (ADS). While often used for legitimate purposes, they can also be abused to conceal malicious content.

Summit Day10:20AM - 10:40AM CEST

Presented by

Xavier Mertens

Certified Instructor

Xavier Mertens
In-Person

Networking Break

Summit Day10:40AM - 11:10AM CEST
In-Person

Extracting the Unseen: Real-World RAM Acquisition and Analysis From Android Devices

Volatile memory on Android devices often contains critical evidence — Encryption keys, credentials, and transient user data that traditional extractions miss.

Summit Day11:10AM - 11:40AM CEST

Presented by

Alex Cooley

Digital Forensic Specialist

Alex Coley
In-Person

Home Automation And IoT As A Source Of Evidence: Forensic Analysis of Home Assistant

As smart homes become more widespread, they present a growing but often overlooked source of digital evidence.

Summit Day11:40AM - 12:00PM CEST

Presented by

Andrea Lazzarotto

Digital Forensics Consultant

Andrea Lazzarotto
In-Person

Tool: 4n6p - A Lightweight, Open Source, Forensic Disk Imager

Forensic imaging doesn’t have to rely on costly proprietary hardware. 4n6pi is a lightweight, open-source project that leverages Raspberry Pi hardware to create forensically sound disk images in E01 format.

Summit Day12:00PM - 12:15PM CEST

Presented by

Egon Lampert

Senior Incident Responder

Egon Lampert
In-Person

Tool: The Only ‘Kanvas’ You Need When Spreadsheets Fail Your IR Case Management

Incident responders often rely on the “Spreadsheet of Doom” (SOD) to track findings and observations, but managing, updating, and extracting insights from these spreadsheets can be cumbersome.

Summit Day12:15PM - 12:30PM CEST

Presented by

Jinto Antony

Senior Investigator - Incident Response

Jinto Antony
In-Person

Networking Lunch

Summit Day12:30PM - 01:30PM CEST
In-Person

MacOS Telemetry vs EDR Telemetry - Which Is Better?

As macOS adoption grows in enterprise environments, threat actors are increasingly targeting these systems, leaving incident responders to adapt their investigative approaches.

Summit Day01:30PM - 02:00PM CEST

Presented by

Fouad Animashaun

Security Engineer

Fouad Animashaun
In-Person

PDF Forensics And Authenticity Detection

This presentation delves into the field of PDF forensic analysis and unveils practical techniques to identify non-original (tampered, altered, or fabricated) PDF documents.

Summit Day02:00PM - 02:30PM CEST

Presented by

Jean-Philippe Noat

Digital Intelligence Expert

Jean Philippe Noat
In-Person

Tool: Location Log Analysis of Google Maps IOS

Presented By:

Antonio Roberto Consalvi, Software Engineer – Studio D’Ingegneria Consalvi

In 2024, Google shifted Google Maps location history storage from the cloud to mobile devices, introducing the location-history.json file on iOS.

Summit Day02:30PM - 02:45PM CEST

Presented by

Ugo Lopez

Professor

Ugo Lopez

Ludovico Nigro

Ludovico Nigro
In-Person

Tool: Forensic WACE - A Multi-Threaded Tool For Semantic Forensic Analysis Of What’s App Chats Using AI Tools

Presented By:

Daniele Monte, Senior Software Engineer – University of Bari

Forensic WACE is a free, multi-threaded tool designed for semantic forensic analysis of WhatsApp databases on iOS and Android.

Summit Day02:45PM - 03:00PM CEST

Presented by

Alessio Palmieri

Alessio Palmieri

Ugo Lopez

Professor

Ugo Lopez
In-Person

Networking Break

Summit Day03:00PM - 03:30PM CEST
In-Person

Mobile Device Hardening: A Forensic Comparison of Advanced Protection Programmes in IOS and Android

How do Apple’s Lockdown Mode and Advanced Data Protection compare to Google’s Advanced Protection introduced in Android 16?

Summit Day03:30PM - 04:00PM CEST

Presented by

Luca Cadonici

Digital Forensics Examiner

Luca Cadonici
In-Person

When The Threat Group Doesn’t Leave: Incident Response Under Fire

What happens when you face one of the most aggressive, capable, and determined threat group - while they’re still active in the network?

Summit Day04:00PM - 04:30PM CEST

Presented by

Eran Laloof

Head of Threat Research

Eran Laloof

Oren Biderman

Threat Intelligence Lead

Oren Biderman
In-Person

Enterprise Digital Forensics And Security With Open Tools: Automate Audits, Computer Forensics Investigations And Incident Response With AWX And Ansible

In modern enterprises, managing digital forensics, incident response, and security audits across hundreds of endpoints and cloud systems is challenging.

Summit Day04:30PM - 05:00PM CEST

Presented by

Alessandro Fiorenzi

Cyber Security & Digital Forensics Expert

Alessandro Fiorenzi
In-Person

Chair Closing Remarks

Summit Day05:00PM - 05:10PM CEST

Presented by

Jess Garcia

Senior Instructor

Jess Garcia
In-Person

Networking Drinks

Summit Day05:10PM - 07:00PM CEST
In-Person

Defending AI with an APE

When it comes to attacks on generative AI, Prompt Injection is everywhere. So everywhere, in fact, that it’s starting to lose all meaning. If everything is Prompt Injection, then nothing really is — right? In this talk, we’ll go beyond the buzzword and into the world of APE: a structured, practical taxonomy designed for the teams on the front lines, Red Teams, SOCs, Incident Response, and Intelligence. APE helps make sense of the chaos by categorising how adversaries are actually targeting AI systems. Whether you're testing defences, triaging incidents, tracking threat actors, or just trying to figure out what’s going wrong with your chatbot at 3 a.m., APE gives you the vocabulary and framework to work smarter. Because let’s be honest, AI isn’t going anywhere, and neither are the people trying to break it.

Training Day 106:00PM - 07:00PM CEST

Presented by

Jim Simpson

Certified Instructor

Jim Simpson
In-Person

Rethinking Digital Forensics in Incident Response

The term DFIR has become really popular over the last several years and is used as an all-encompassing term for digital forensics and incident response. But the reality is that there is actually an inherent contradiction between digital forensics and incident response, because the actual end goals of digital forensics and incident response are actually not the same. The reality is that for most organizations, incident response focuses on making the pain go away, and maybe improving security going forward. Thinking about a legal outcome is far from the reality for most organizations.

Training Day 107:00PM - 08:00PM CEST

Presented by

Jason Jordaan

Principal Instructor

Jason Jordaan
In-Person

The Changing Role of a Security Leader and What It Means to You

As the world of information technology continues to change, so does the role of the security leader. Whether you're a CISO, Director of Security, or someone aspiring for such a position, you should consider how the current trends in IT and business affect your professional journey. Does your current approach to security leadership set you up for success?

Attend this session to learn how experienced CISOs:

- Align their security strategy to the business it aims to support

- Ask the right questions to excel in challenging situations

- Gain support for their efforts from non-security stakeholders

- Use technical and communication skills to their advantage

Those of us whose professional roots are grounded in technology often look at enterprise defenses from the perspective of the threats. While understanding the relationship between attacks and defenses is important, it's no longer sufficient. Attend this session to learn how to think about the role of a modern security leader to succeed in today's business environment.

Training Day 206:00PM - 07:00PM CEST

Presented by

Lenny Zeltser

Fellow

Lenny Zeltser
In-Person

Your Journey to the GenAI-DFIR Era Starts Today

How exactly is Generative AI (GenAI) changing the way Forensicators & Hunters work today? In this talk Jess Garcia will answer that question by presenting everything you need to know to integrate GenAI in your everyday DFIR tasks and get ready for this new era.

Training Day 207:00PM - 08:00PM CEST

Presented by

Jess Garcia

Senior Instructor

Jess Garcia
In-Person

Tournament: DFIR NetWars

Registration: All students who register for a 4–6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.

About DFIR NetWars: Focused on digital forensics, incident response, threat hunting, and malware analysis, this tool-agnostic approach covers everything from low-level artifacts to high-level behavioral observations.

Training Day 406:30PM - 09:30PM CEST
In-Person

Tournament: DFIR NetWars

Registration: All students who register for a 4–6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.

About DFIR NetWars: Focused on digital forensics, incident response, threat hunting, and malware analysis, this tool-agnostic approach covers everything from low-level artifacts to high-level behavioral observations.

Training Day 506:30PM - 09:30PM CEST
In-Person

Prague, Czech Republic

Vienna House By Wyndham Andels Prague

Prague enchants visitors with its fairytale architecture, from the iconic Charles Bridge to the towering spires of Prague Castle. The city’s cobblestone streets and charming Old Town Square are steeped in centuries of history. You can enjoy world-class beer in cozy pubs and soak in the laid-back, artistic vibe. With its blend of Gothic, Baroque, and modern influences, Prague feels like stepping into a storybook.

View Hotel
Prague, City View

3 Reasons To Stay At The Event Venue

  • Ultimate Convenience

    Eliminate the hassle of daily commutes and wasted travel time. You’ll have everything you need—from your training to dining and amenities - all in one centralized, convenient location.

  • Seamless Networking Opportunities

    Stay where the action is! Maximize your chances to connect with fellow cybersecurity professionals and industry leaders - from impromptu conversations in the lobby to exclusive after-hours events.

  • All Day, All Event Access

    SANS live training events include bonus sessions exclusively at the venue. Staying on-site ensures you won’t miss these opportunities to grow your network and engage with peers beyond the conference agenda.

People at laptops smiling

Location Information

Hotel Special Rates & Reservations

Delegates attending SANS DFIR Europe Prague 2025 may benefit from a discounted room rate at the Vienna House by Wyndham Andel's Prague. Hotel bedrooms are limited and are subject to availability.

Book Now