Featured DFIR Summit Information
Featured Panel
Puzzle Solving and Science: The Secret Sauce of Innovation in Mobile Forensics?
Friday, June 24 - 9:45am
More Information
Summit Agenda
Don't miss the opportunity to attend the most comprehensive DFIR event of the year! Learn how to defeat your enemy and become a DFIR Superhero in 8 days! View the schedule overview using the tabs above.
| Time | Presentation | Speaker | ||
|---|---|---|---|---|
| 9:00-9:10am | Welcome and Opening Remarks | |||
| 9:10-10:00am | Keynote: Defending a Cloud |
Troy Larson, Microsoft Security Response Center | Azure@troyla |
||
| 10:00-10:30am | Networking Break and Vendor Expo | |||
| 10:30-11:00am | iOS of Sauron: How iOS Tracks Everything You Do |
Sarah Edwards, Mac Nerd, Parsons Corporation; Author and Instructor, FOR518, SANS Institute@iamevltwin |
||
| Expanding the Hunt: A Case Study in Pivoting Using Passive DNS and Full PCAP |
Gene Stevens, Chief Technology Officer, ProtectWise, Inc.@genestevens Dr. Paul Vixie, CEO, Farsight Security@paulvixie |
|||
| 11:05-11:35am | Hello Barbie Forensics |
Andrew Blaich, Ph.D, Lead Security Analyst, Bluebox Security@ablaich Andrew Hay, CISO, Data Gravity@andrewsmhay |
||
| Start-Process PowerShell: Get-ForensicArtifact |
Jared Atkinson, Hunt Capability Lead, Veris Group's Adaptive Threat Division@jaredcatkinson |
|||
| 11:40-12:10pm | You Don't Know Jack About .bash_history |
Hal Pomeranz, Principal, Deer Run Associates; Fellow, SANS Institute@hal_pomeranz |
||
CryptoLocker Ransomeware Variants Are Lurking "In the Shadows;" Learn How to Protect Against Them |
Ryan Nolette, Security Operations Lead, Carbon Black |
|||
| 12:10-12:25pm | Ken Johnson Memorial Scholarship |
Rob Lee, DFIR Lead, SANS Institute |
||
| 12:25-1:30pm | Lunch and Learn TBA | |||
| 1:30-2:00pm | Rising from the Ashes: How to Rebuild a Security Program Gone Wrong... With Help from Taylor Swift |
Mike Hracs, Senior Consultant, Deloitte@bumjubeo Shelly Giesbrecht, Incident Responder, Cisco@nerdiosity |
||
| Tracking Threat Actors through YARA Rules and Virus Total |
Kevin Perlow, Senior Consultant, Booz Allen Hamilton Allen Swackhamer, Associate, Booz Allen Hamilton |
|||
| 2:05-2:35pm | All About that (Date)Base |
Matt Bromiley, Senior Consultant, Mandiant Jacob Christie, Consultant, Mandiant |
||
| FLOSS Every Day: Automatically Extracting Obfuscated Strings from Malware |
William Ballenthin, Reverse Engineer, FireEye@williballenthin Moritz Raabe, Reverse Engineer, FireEye |
|||
| 2:40-3:10pm | UAV Forensics |
David Kovar, Senior Manager - Cybersecurity Practice, EY@dckovar |
||
| Plumbing the Depths: Windows Registry Internals |
Eric Zimmerman, Sr. Director, Kroll Cyber Security @EricRZimmerman |
|||
| 3:10-3:40pm | Networking Break and Vendor Expo | |||
| 3:40-4:10pm | Trust but Verify: Why, When and How |
Mari DeGrazia, Director, Kroll Cyber Security@maridegrazia |
||
| The Incident Response playbook for Android and iOS |
Andrew Hoog, CEO and Co-Founder, NowSecure@ahoog42 |
|||
| 4:15-4:45pm | Analyzing Dridex, Getting Owned by Dridex, and Bringing in the New Year with Locky |
|||
| What Does my SOC Do?: A Framework for Defining an InfoSec Ops Strategy |
Austin Murphy, Director of Incident Response, CrowdStrike Services@austinjmurphy |
|||
| 4:45-5:15pm | Forensic 4cast Awards |
Lee Whitfield, Director of Forensics, Digital Discovery@lee_whitfield |
||
| 6:00pm | DFIR Night in Austin Join fellow attendees and speakers for a night of networking and fun | |||
| Time | Presentation | Speaker | ||
|---|---|---|---|---|
| 9:00-9:45am | Keynote: The History of Data Forensics, and Get off my Lawn! |
Andy Rosen, President, ASR Data Acquisition & Analysis, LLC |
||
| 9:45-10:30am | Panel: Puzzle Solving and Science
The Secret Sauce of Innovation in Mobile Forensics
Featuring:
|
|||
| 10:30-11:00am | Networking Break and Vendor Expo | |||
| 11:00-11:30am | What Would You Say You Do Here?: Redefining the Role of Intelligence in Investigations |
Rebekah Brown, Threat Intelligence Lead, Rapid7@PDXbek |
||
| Using Endpoint Telemtry to Accelerate the Baseline |
Keith McCammon, Co-Founder and VP of Detection Operations, Red Canary@kwm |
|||
| 11:35-12:05pm | Who Watches the Smart Watches |
Brian Moran, Digital Strategy Consultant, BriMor Labs@brianjmoran |
||
| Deleted Evidence: Fill in the Map to Luke Skywalker |
Mary Singh, Senior Consultant, FireEye@marycheese |
|||
| 12:05-1:15pm | Lunch and Learn TBA | |||
| 1:15-1:45pm | Seeing Red: Improving the Blue Teams with Red Teaming |
|||
| Hadoop Forensics |
Kevvie Fowler, National Leader - Cyber Response Services, KPMG Canada@kevviefowler |
|||
| 1:50-2:20pm | Rocking your Windows EventID with ELK Stack |
Rodrigo Ribeiro Montoro, Security Researcher, Clavis Security Brazil@spookerlabs |
||
| To Automate of Not To Automate; That is the Incident Response Question |
Dr. Brian Carrier, VP - Digital Forensics, Basis Technology@carrier4n6 |
|||
| 2:20-2:50pm | Networking Break and Vendor Expo | |||
| 2:50-3:20pm | Incident Detection and Hunting @ Scale: An Introduction to osquery |
Scott J. Roberts, Bad Guy Catcher, GitHub Kevin Thompson, Senior Incident Responder, Heroku@bfist |
||
| Dive into DSL: Digital Response Analysis with Elasticsearch |
Brian Marks, Senior Associate, KPMG @brianDFIR Andrea Sancho Silgado, Associate, KPMG |
|||
| 3:25-3:55pm | stoQ'ing your Splunk |
Ryan Kovar, Staff Security Strategist, Splunk@meansec Marcus LaFerrera, Director of Development, PUNCH Cyber Analytics Group@mlaferrera |
||
| Accurate Thinking: Analytic Pitfalls and How to Avoid Them |
Kyle Maxwell, Senior Researcher, Verisign iDefense |
|||
| 4:00-4:30pm | Leveraging Cyber Threat Intelligence in an Active Cyber Defense |
Erick Mandt, Analyst, Air Force Office of Special Investigations (AFOSI) Robert M. Lee, Author and Instructor, SANS Institute@robertmlee |
||
| 4:30pm | Closing Remarks and Wrap Up Featuring: Rob Lee, DFIR Lead, SANS Institute @robtlee | |||
