SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Summit: 28 September | Training: 29 September - 4 October | Chaired by: Jess Garcia
At SANS, our mission remains steady. We continue to deliver relevant cyber security knowledge and skills, empowering students to protect people and their assets. Register for SANS DFIR Europe Summit & Training 2025 (28 September - 4 October) and continue to build practical cyber security skills you can implement immediately. Choose your course and register now.
Please note, courses are available In-Person in Prague during this event. Please see course details below for availability. For In-Person courses, seating is available on a first-come, first-served basis. Register now to secure your spot.
For the past 15 years, SANS has been steadily contributing to the DFIR community by hosting our annual DFIR Europe Summit in Prague. This year, we are proud to be hosting the 15th edition of this Summit. Join us and your peers for this anniversary edition and learn how to overcome the latest obstacles, hear about the latest open-source forensic tools, share methods and strategies proven effective in your investigations, and connect with the top DFIR practitioners in the industry.
The knowledge you'll absorb throughout our Summit will last the entire year. Whether you’re attending your first DFIR Summit or returning for your fifteenth, you'll join a community that shares a common drive to seek truth through digital forensics and eradicate attackers during incident response engagements.
Ask any of the returning attendees - a key benefit is that you’ll have the opportunity to network with other like-minded DFIR professionals. If you work in digital forensics or incident response, the SANS DFIR Europe Summit is the must-attend event of the year.
In-Person - All Access
"The DFIR Europe Summit in Prague was an amazing opportunity to connect with top professionals and hear cutting-edge case studies. Easily one of the best events I’ve attended for digital forensics."
"The speakers at DFIR Europe brought deep, real-world knowledge. Every session gave me something I could take back to my investigations."
"It was a privilege to attend DFIR Europe. The summit helped reinforce best practices in incident response and forensics. Can't wait for next year."
Enhance your knowledge base and add to your toolkit with a hands-on, immersive course taught by top SANS instructors and course authors. This year we're featuring 8 top SANS DFIR courses.
You will receive high-quality cybersecurity training directly from real-world practitioners. Register now to experience training you can use immediately to secure your environment and advance your career.
I highly recommend FOR500 for anyone looking to deepen their digital forensics and incident response skills. The course offers a perfect balance of theory and practical application, with real-world examples that bring the content to life. The instructor, Chad Tilbury, is exceptional, sharing his extensive experience and providing valuable insights that you can immediately apply in the field. It’s a must for anyone serious about mastering DFIR techniques!
Fantastic course with in-depth material, delivered by an amazing expert. Thanks so much for an amazing week.
As part of your SANS training experience, you’ll receive complimentary access to a NetWars Tournament which is either available at the training event you are attending or will be made available through online access if you are attending a Live Online event. The NetWars Tournament is an interactive cyber range event designed to reinforce your learning through hands-on, gamified challenges.
Save €250 EUR using the code "EarlyBirdEMEA-EURO" and pay for any 4-6 day course (excluding Beta Courses) by August 28, 2025.
Looking for Group Purchasing? Contact Us
1 free practice test when you add a certification exam attempt to your course. Available for select courses below.
Add OnDemand access for 4 months to help you prepare for your GIAC exam. Available for select courses below.
Play two evenings of the Core NetWars Tournament. Free with purchase of a 4, 5, or 6 day course
Jess Garcia is the founder and technical lead of One eSecurity, a global Information Security company specialized in Incident Response and Digital Forensics.
Sunday 28th September
Monday 29 September - Saturday 4 October
Presented by
Jess Garcia
Senior Instructor
The attribution of cybercrime remains one of the greatest challenges for investigators, largely due to the extensive concealment measures employed by threat actors.
Presented by
Mick Deben
Linux Extended File Attributes provide functionality similar to NTFS Alternate Data Streams (ADS). While often used for legitimate purposes, they can also be abused to conceal malicious content.
Presented by
Xavier Mertens
Certified Instructor
Volatile memory on Android devices often contains critical evidence: encryption keys, credentials, and transient user data that traditional extractions miss.
Presented by
Alex Cooley
Digital Forensic Specialist
As smart homes become more widespread, they present a growing but often overlooked source of digital evidence.
Presented by
Andrea Lazzarotto
Digital Forensics Consultant
Forensic imaging doesn’t have to rely on costly proprietary hardware. 4n6pi is a lightweight, open-source project that leverages Raspberry Pi hardware to create forensically sound disk images in E01 format.
Presented by
Egon Lampert
Senior Incident Responder
Incident responders often rely on the “Spreadsheet of Doom” (SOD) to track findings and observations, but managing, updating, and extracting insights from these spreadsheets can be cumbersome.
As macOS adoption grows in enterprise environments, threat actors are increasingly targeting these systems, leaving incident responders to adapt their investigative approaches.
Presented by
Fouad Animashaun
Security Engineer
This presentation delves into the field of PDF forensic analysis and unveils practical techniques to identify non-original (tampered, altered, or fabricated) PDF documents.
Presented by
Jean-Philippe Noat
Digital Intelligence Expert
Presented By:
Antonio Roberto Consalvi, Software Engineer – Studio D’Ingegneria Consalvi
In 2024, Google shifted Google Maps location history storage from the cloud to mobile devices, introducing the location-history.json file on iOS.
Presented By:
Daniele Monte, Senior Software Engineer – University of Bari
Forensic WACE is a free, multi-threaded tool designed for semantic forensic analysis of WhatsApp databases on iOS and Android.
How do Apple’s Lockdown Mode and Advanced Data Protection compare to Google’s Advanced Protection introduced in Android 16?
Presented by
Luca Cadonici
Digital Forensics Examiner
What happens when you face one of the most aggressive, capable, and determined threat groups - while they’re still active in the network?
In modern enterprises, managing digital forensics, incident response, and security audits across hundreds of endpoints and cloud systems is challenging.
Presented by
Jess Garcia
Senior Instructor
When it comes to attacks on generative AI, Prompt Injection is everywhere. So everywhere, in fact, that it’s starting to lose all meaning. If everything is Prompt Injection, then nothing really is — right? In this talk, we’ll go beyond the buzzword and into the world of APE: a structured, practical taxonomy designed for the teams on the front lines, Red Teams, SOCs, Incident Response, and Intelligence. APE helps make sense of the chaos by categorising how adversaries are actually targeting AI systems. Whether you're testing defences, triaging incidents, tracking threat actors, or just trying to figure out what’s going wrong with your chatbot at 3 a.m., APE gives you the vocabulary and framework to work smarter. Because let’s be honest, AI isn’t going anywhere, and neither are the people trying to break it.
Presented by
Jim Simpson
Certified Instructor
The term DFIR has become really popular over the last several years and is used as an all-encompassing term for digital forensics and incident response. But there is an inherent contradiction between digital forensics and incident response, because their end goals are not the same. The reality is that for most organizations, incident response focuses on making the pain go away, and maybe improving security going forward. Thinking about a legal outcome is far from the reality for most organizations.
Presented by
Jason Jordaan
Principal Instructor
As the world of information technology continues to change, so does the role of the security leader. Whether you're a CISO, Director of Security, or someone aspiring for such a position, you should consider how the current trends in IT and business affect your professional journey. Does your current approach to security leadership set you up for success?
Attend this session to learn how experienced CISOs:
- Align their security strategy to the business it aims to support
- Ask the right questions to excel in challenging situations
- Gain support for their efforts from non-security stakeholders
- Use technical and communication skills to their advantage
Those of us whose professional roots are grounded in technology often look at enterprise defenses from the perspective of the threats. While understanding the relationship between attacks and defenses is important, it's no longer sufficient. Attend this session to learn how to think about the role of a modern security leader to succeed in today's business environment.
Presented by
Lenny Zeltser
Fellow
How exactly is Generative AI (GenAI) changing the way Forensicators & Hunters work today? In this talk Jess Garcia will answer that question by presenting everything you need to know to integrate GenAI in your everyday DFIR tasks and get ready for this new era.
Presented by
Jess Garcia
Senior Instructor
Registration: All students who register for a 4–6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.
About DFIR NetWars: Focused on digital forensics, incident response, threat hunting, and malware analysis, this tool-agnostic approach covers everything from low-level artifacts to high-level behavioral observations.
Prague enchants visitors with its fairytale architecture, from the iconic Charles Bridge to the towering spires of Prague Castle. The city’s cobblestone streets and charming Old Town Square are steeped in centuries of history. You can enjoy world-class beer in cozy pubs and soak in the laid-back, artistic vibe. With its blend of Gothic, Baroque, and modern influences, Prague feels like stepping into a storybook.
Eliminate the hassle of daily commutes and wasted travel time. You’ll have everything you need, from your training to dining and amenities, all in one centralized, convenient location.
Stay where the action is! Maximize your chances to connect with fellow cybersecurity professionals and industry leaders - from impromptu conversations in the lobby to exclusive after-hours events.
SANS live training events include bonus sessions exclusively at the venue. Staying on-site ensures you won’t miss these opportunities to grow your network and engage with peers beyond the conference agenda.
Delegates attending SANS DFIR Europe Prague 2025 may benefit from a discounted room rate at the Vienna House by Wyndham Andel's Prague. Hotel bedrooms are limited and are subject to availability.