DFIR Summit & Training 2017

Austin, TX | Thu, Jun 22 - Thu, Jun 29, 2017

DFIR Summit Agenda


"There is no substitute for the value of the DFIR Summit. The speakers and networking answer real world questions." - Mark Stingley, University of Texas

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Thursday, June 22, 2017
Time Presentation Speaker
9:00-9:15 am Welcome & Introductions
  • Phil Hagen (@PhilHagen), Certified Instructor & Summit Co-Chair, SANS Institute & DFIR Strategist, Red Canary
  • Rob Lee (@robtlee), DFIR Lead & Summit Co-Chair, SANS Institute
9:15-10:00 am

Opening Keynote: The Secret History of Cyber War

Fred Kaplan (@fmkaplan), National Security Columnist, Slate & Author, Dark Territory: The History of Cyber War
10:05-10:40 am The Cider Press - Extracting Forensic Artifacts from Apple Continuity
10:40-11:05 am Networking Break & Vendor Expo
11:05-11:40 am

The Forensics of Plagiarism: A Case Study in Cheating

Tim Ball, PhD, Southern Utah University
11:40-12:15 pm Mac Forensics: Looking into the past with FSEvents
  • Nicole Ibrahim (@nicoleibrahim), Digital Forensics Expert and researcher at G-C Partners, LLC
12:15-1:30 pm Networking Luncheon
1:30-2:05 pm Google Drive Forensics
  • Ashley Holtz (@thec0dem0nkey), Senior Services Engineer, CrowdStrike
2:10-2:45 pm

Your Eyes Can Deceive You - Implications of Firmware Trickery in Metamorphic Hard Drives

Courtney Webb, Team Leader, Electronic Evidence, New South Wales Police Force
2:45-3:15 pm Networking Break & Vendor Expo
3:15-3:50 pm

Know Your Creds, or Die Trying

Chad Tilbury (@chadtilbury), Technical Director, CrowdStrike; Senior Instructor, SANS Institute
3:55-4:30 pm Tracking Bitcoin Transactions on the Blockchain
  • Kevin Perlow, Associate, Booz Allen Hamilton
4:35-5:10 pm

MAC Times, Mac Times, and More

Lee Whitfield (@lee_whitfield), Director of Forensics, Digital Discovery
5:15-5:45 pm Beats & Bytes: Striking the Right Chord in Digital Forensics (OR: Fiddling with Your Evidence)
  • Cindy Murphy (@CindyMurph), President, Gillware Digital Forensics; Certified Instructor, SANS Institute
  • Ryan Pittman, Resident Agent-in-Charge, NASA Office of Inspector General's Computer Crimes Division
5:45-6:45 pm Networking Reception
6:45-??? DFIR Night Out in ATX!
Friday, June 23rd, 2017
Time Presentation Speaker
9:00-9:15 am Day 2 Overview & Opening Remarks
  • Phil Hagen (@PhilHagen), Certified Instructor & Summit Co-Chair, SANS Institute & DFIR Strategist, Red Canary
  • Rob Lee (@robtlee), DFIR Lead & Summit Co-Chair, SANS Institute
9:15-10:00 am

A Million Little Wizards: Scaling Forensics Isn't Magic

Johan Berggren (@jberggren), Senior Security Engineer, Google
10:05-10:40 am Alexa, Are you Skynet?
  • Jessica Hyde (@B1N2H3X), Director of Forensics, Magnet Forensics; Adjunct Professor, George Mason University
  • Brian Moran (@brianjmoran), Digital Strategy Consultant, BriMor Labs
10:40-11:10 am Networking Break & Vendor Expo
11:10-11:50 am

Incident Response in the Cloud (AWS)

Jonathon Poling (@JPoForenso), Principal Consultant / Future Operations, SecureWorks
11:50 am - 12:25 pm EXT File System Recovery
  • Hal Pomeranz (@halpomeranz), Principal, Deer Run Associates
12:25-1:30 pm Lunch & Learn Sessions
1:30-1:45 pm Open Source DFIR Made Easy: The Setup
  • Stephen Hinck (@StephenHinck), Senior Technical Account Manager, ICEBRG
  • Alan Orlikoski (@AlanOrlikoski), Senior Manager, Incident Response & Threat Protection Team
1:45-2:20 pm

The Audit Log Was Cleared

  • Austin Baker, Consultant, Mandiant
  • Jacob Christie, Incident Responder, Mandiant
2:20-2:55 pm Japanese Manufacturing, Killer Robots, & Effective Incident Handling
  • Scott J. Roberts, SIRT Lead, GitHub
  • Kevin D. Thompson, Security Operations Lead, Heroku
2:55-3:25 pm Networking Break & Vendor Expo
3:25-4:00 pm

Deciphering Browser Hieroglyphics

Ryan Benson (@_RyanBenson), Senior Threat Researcher, Exabeam
4:00-4:35 pm Boot What? Why Tech Invented by IBM in 1983 is Still Relevant Today
  • Christopher Glyer (@cglyer), Chief Security Architect, FireEye
4:35-5:05 pm

Processing PCI Track Data with CDPO

David Pany (@DavidPany), Senior Consultant, Mandiant
5:05-5:30 pm Forensic 4cast Awards
  • Lee Whitfield (@lee_whitfield), Director of Forensics, Digital Discovery
5:30 pm

Closing Remarks

  • Phil Hagen (@PhilHagen), Certified Instructor & Summit Co-Chair, SANS Institute & DFIR Strategist, Red Canary
  • Rob Lee (@robtlee), DFIR Lead & Summit Co-Chair, SANS Institute