Featured DFIR Summit Information
Featured Panel
Puzzle Solving and Science: The Secret Sauce of Innovation in Mobile Forensics?
Friday, June 24 - 9:45am
Summit Agenda
Don't miss the opportunity to attend the most comprehensive DFIR event of the year! Learn how to defeat your enemy and become a DFIR Superhero in 8 days!
Time | Presentation | Speaker
---|---|---
9:00-9:10am | Welcome and Opening Remarks |
9:10-10:00am | Keynote: Defending a Cloud | Troy Larson, Microsoft Security Response Center \| Azure @troyla
10:00-10:30am | Networking Break and Vendor Expo |
10:30-11:00am | iOS of Sauron: How iOS Tracks Everything You Do | Sarah Edwards, Mac Nerd, Parsons Corporation; Author and Instructor, FOR518, SANS Institute @iamevltwin
10:30-11:00am | Expanding the Hunt: A Case Study in Pivoting Using Passive DNS and Full PCAP | Gene Stevens, Chief Technology Officer, ProtectWise, Inc. @genestevens and Dr. Paul Vixie, CEO, Farsight Security @paulvixie
11:05-11:35am | Hello Barbie Forensics | Andrew Blaich, Ph.D, Lead Security Analyst, Bluebox Security @ablaich and Andrew Hay, CISO, Data Gravity @andrewsmhay
11:05-11:35am | Start-Process PowerShell: Get-ForensicArtifact | Jared Atkinson, Hunt Capability Lead, Veris Group's Adaptive Threat Division @jaredcatkinson
11:40-12:10pm | You Don't Know Jack About .bash_history | Hal Pomeranz, Principal, Deer Run Associates; Fellow, SANS Institute @hal_pomeranz
11:40-12:10pm | CryptoLocker Ransomware Variants Are Lurking "In the Shadows;" Learn How to Protect Against Them | Ryan Nolette, Security Operations Lead, Carbon Black
12:10-12:25pm | Ken Johnson Memorial Scholarship | Rob Lee, DFIR Lead, SANS Institute
12:25-1:30pm | Lunch and Learn TBA |
1:30-2:00pm | Rising from the Ashes: How to Rebuild a Security Program Gone Wrong... With Help from Taylor Swift | Mike Hracs, Senior Consultant, Deloitte @bumjubeo and Shelly Giesbrecht, Incident Responder, Cisco @nerdiosity
1:30-2:00pm | Tracking Threat Actors through YARA Rules and Virus Total | Kevin Perlow, Senior Consultant, Booz Allen Hamilton and Allen Swackhamer, Associate, Booz Allen Hamilton
2:05-2:35pm | All About that (Date)Base | Matt Bromiley, Senior Consultant, Mandiant and Jacob Christie, Consultant, Mandiant
2:05-2:35pm | FLOSS Every Day: Automatically Extracting Obfuscated Strings from Malware | William Ballenthin, Reverse Engineer, FireEye @williballenthin and Moritz Raabe, Reverse Engineer, FireEye
2:40-3:10pm | UAV Forensics | David Kovar, Senior Manager - Cybersecurity Practice, EY @dckovar
2:40-3:10pm | Plumbing the Depths: Windows Registry Internals | Eric Zimmerman, Sr. Director, Kroll Cyber Security @EricRZimmerman
3:10-3:40pm | Networking Break and Vendor Expo |
3:40-4:10pm | Trust but Verify: Why, When and How | Mari DeGrazia, Director, Kroll Cyber Security @maridegrazia
3:40-4:10pm | The Incident Response playbook for Android and iOS | Andrew Hoog, CEO and Co-Founder, NowSecure @ahoog42
4:15-4:45pm | Analyzing Dridex, Getting Owned by Dridex, and Bringing in the New Year with Locky |
4:15-4:45pm | What Does my SOC Do?: A Framework for Defining an InfoSec Ops Strategy | Austin Murphy, Director of Incident Response, CrowdStrike Services @austinjmurphy
4:45-5:15pm | Forensic 4cast Awards | Lee Whitfield, Director of Forensics, Digital Discovery @lee_whitfield
6:00pm | DFIR Night in Austin: Join fellow attendees and speakers for a night of networking and fun |

Time | Presentation | Speaker
---|---|---
9:00-9:45am | Keynote: The History of Data Forensics, and Get off my Lawn! | Andy Rosen, President, ASR Data Acquisition & Analysis, LLC
9:45-10:30am | Panel: Puzzle Solving and Science: The Secret Sauce of Innovation in Mobile Forensics |
10:30-11:00am | Networking Break and Vendor Expo |
11:00-11:30am | What Would You Say You Do Here?: Redefining the Role of Intelligence in Investigations | Rebekah Brown, Threat Intelligence Lead, Rapid7 @PDXbek
11:00-11:30am | Using Endpoint Telemetry to Accelerate the Baseline | Keith McCammon, Co-Founder and VP of Detection Operations, Red Canary @kwm
11:35-12:05pm | Who Watches the Smart Watches | Brian Moran, Digital Strategy Consultant, BriMor Labs @brianjmoran
11:35-12:05pm | Deleted Evidence: Fill in the Map to Luke Skywalker | Mary Singh, Senior Consultant, FireEye @marycheese
12:05-1:15pm | Lunch and Learn TBA |
1:15-1:45pm | Seeing Red: Improving the Blue Teams with Red Teaming |
1:15-1:45pm | Hadoop Forensics | Kevvie Fowler, National Leader - Cyber Response Services, KPMG Canada @kevviefowler
1:50-2:20pm | Rocking your Windows EventID with ELK Stack | Rodrigo Ribeiro Montoro, Security Researcher, Clavis Security Brazil @spookerlabs
1:50-2:20pm | To Automate or Not To Automate; That is the Incident Response Question | Dr. Brian Carrier, VP - Digital Forensics, Basis Technology @carrier4n6
2:20-2:50pm | Networking Break and Vendor Expo |
2:50-3:20pm | Incident Detection and Hunting @ Scale: An Introduction to osquery | Scott J. Roberts, Bad Guy Catcher, GitHub and Kevin Thompson, Senior Incident Responder, Heroku @bfist
2:50-3:20pm | Dive into DSL: Digital Response Analysis with Elasticsearch | Brian Marks, Senior Associate, KPMG @brianDFIR and Andrea Sancho Silgado, Associate, KPMG
3:25-3:55pm | stoQ'ing your Splunk | Ryan Kovar, Staff Security Strategist, Splunk @meansec and Marcus LaFerrera, Director of Development, PUNCH Cyber Analytics Group @mlaferrera
3:25-3:55pm | Accurate Thinking: Analytic Pitfalls and How to Avoid Them | Kyle Maxwell, Senior Researcher, Verisign iDefense
4:00-4:30pm | Leveraging Cyber Threat Intelligence in an Active Cyber Defense | Erick Mandt, Analyst, Air Force Office of Special Investigations (AFOSI) and Robert M. Lee, Author and Instructor, SANS Institute @robertmlee
4:30pm | Closing Remarks and Wrap Up | Rob Lee, DFIR Lead, SANS Institute @robtlee