DFIRCON Workshops Agenda

Community Learning Day at DFIRCON - Sun, Nov 17 @ 8:00 AM

Join us for an exclusive, in-person Community Learning Day just before DFIRCON begins, focused on enhancing your cybersecurity skills with open-source tools. This special day offers a unique opportunity to learn from industry-leading experts through interactive tutorials. These sessions will guide you through the practical applications and best practices of using these tools in cybersecurity. You'll gain actionable skills and insights directly from the authors and developers in this immersive experience.

Community Learning Day is exclusive for in-person attendees.

Community Learning Day Agenda - Sun, Nov 17 @ 8:00 AM

Room 1	Room 2
8:00 AM - 10:00 AM Session: Cloud incident response at zero cost, leveraging open-source tooling for acquisition and analysis. Presenter: Korstiaan Stam Description: Join this hands-on workshop where you'll learn how to leverage Invictus' open-source tooling to acquire data from major platforms like Microsoft, AWS, and Google Workspace, all without incurring any costs. Gain practical skills in zero-cost data acquisition and a deeper understanding of how to find indications of an attack using open-source solutions.	8:00 AM - 10:00 AM Session: SOF-ELK Hands-on Workshop Presenter: Phil Hagen Description: Explore the SOF-ELK platform and its Elastic Stack components for digital forensic investigations.
10:00 AM - 10:15 AM Morning Break	10:00 AM - 10:15 AM Morning Break
10:15 AM - 12:15 PM Session: Getting Started with EZ Tools Presenter: Eric Zimmerman Description: Learn the basics of EZ Tools to quickly process Windows artifacts. This session covers exporting data to CSV and analyzing output from various tools.	10:15 AM - 12:15 PM Session: The Joy of ArtExperimentation! Presenter: Ian Whiffin Description: This session will examine the use of ArtEx in testing and researching of forensic artifacts, digging into the features of the tool that are designed to make your job easier.
12:15 PM - 1:15 PM Lunch Break	12:15 PM - 1:15 PM Lunch Break
1:15 PM - 3:15 PM Session: Mastering xLEAPP for Multi-Platform Artifact Parsing Presenter: Alexis Brignoni Description: Learn to use xLEAPP's framework to create plugins and parse artifacts from iOS, macOS, Android, Chromebooks, warranty returns, and Windows.	1:15 PM - 3:15 PM Session: Mastering SIFT Workstation Presenters: Mike Pilkington and Erik Kristensen Description: A comprehensive guide to using the SANS Investigative Forensic Toolkit Workstation for digital forensics and incident response.
3:15 PM - 3:30 PM Afternoon Break	3:15 PM - 3:30 PM Afternoon Break
3:30 PM - 5:30 PM Session: OneDrive Forensics Presenter: Brian Maloney Description: Learn the essential techniques for extracting, analyzing, and managing forensic data from the OneDrive client to enhance your digital investigation skills.	3:30 PM - 5:30 PM Session: Tool Validation Presenter: Kat Hedley Description: Learn to validate your Digital Forensic tools through a hands-on tutorial, ensuring they deliver accurate results in real-world scenarios.
5:30 PM - 6:00 PM Wrap-Up Session: Closing remarks and summary of key takeaways	5:30 PM - 6:00 PM Wrap-Up Session: Closing remarks and summary of key takeaways.
6:30 PM - 7:30 PM Reception: An opportunity to network and reflect on the day's sessions and insights in a relaxed setting.

Room 1

Room 2

8:00 AM - 10:00 AM

Session: Cloud incident response at zero cost, leveraging open-source tooling for acquisition and analysis.

Presenter: Korstiaan Stam

Description: Join this hands-on workshop where you'll learn how to leverage Invictus' open-source tooling to acquire data from major platforms like Microsoft, AWS, and Google Workspace, all without incurring any costs. Gain practical skills in zero-cost data acquisition and a deeper understanding of how to find indications of an attack using open-source solutions.

8:00 AM - 10:00 AM

Session: SOF-ELK Hands-on Workshop

Presenter: Phil Hagen

Description: Explore the SOF-ELK platform and its Elastic Stack components for digital forensic investigations.

10:00 AM - 10:15 AM

Morning Break

10:00 AM - 10:15 AM

Morning Break

10:15 AM - 12:15 PM

Session: Getting Started with EZ Tools

Presenter: Eric Zimmerman

Description: Learn the basics of EZ Tools to quickly process Windows artifacts. This session covers exporting data to CSV and analyzing output from various tools.

10:15 AM - 12:15 PM

Session: The Joy of ArtExperimentation!

Presenter: Ian Whiffin

Description: This session will examine the use of ArtEx in testing and researching of forensic artifacts, digging into the features of the tool that are designed to make your job easier.

12:15 PM - 1:15 PM

Lunch Break

12:15 PM - 1:15 PM

Lunch Break

1:15 PM - 3:15 PM

Session: Mastering xLEAPP for Multi-Platform Artifact Parsing

Presenter: Alexis Brignoni

Description: Learn to use xLEAPP's framework to create plugins and parse artifacts from iOS, macOS, Android, Chromebooks, warranty returns, and Windows.

1:15 PM - 3:15 PM

Session: Mastering SIFT Workstation

Presenters: Mike Pilkington and Erik Kristensen

Description: A comprehensive guide to using the SANS Investigative Forensic Toolkit Workstation for digital forensics and incident response.

3:15 PM - 3:30 PM

Afternoon Break

3:15 PM - 3:30 PM

Afternoon Break

3:30 PM - 5:30 PM

Session: OneDrive Forensics

Presenter: Brian Maloney

Description: Learn the essential techniques for extracting, analyzing, and managing forensic data from the OneDrive client to enhance your digital investigation skills.

3:30 PM - 5:30 PM

Session: Tool Validation

Presenter: Kat Hedley

Description: Learn to validate your Digital Forensic tools through a hands-on tutorial, ensuring they deliver accurate results in real-world scenarios.

5:30 PM - 6:00 PM

Wrap-Up Session: Closing remarks and summary of key takeaways

5:30 PM - 6:00 PM

Wrap-Up Session: Closing remarks and summary of key takeaways.

6:30 PM - 7:30 PM

Reception: An opportunity to network and reflect on the day's sessions and insights in a relaxed setting.