Whether you're seeking to maintain a trail of evidence on host or network systems or hunting for threats using similar techniques, larger organizations are in need of specialized professionals who can move beyond first-response incident handling to analyze an attack and develop an appropriate remediation and recovery plan. Our DFIR Curriculum will teach you how to detect compromised systems, identify how and when a breach occurred, understand what attackers took or changed, and successfully contain and remediate incidents.
Every year the SANS Digital Forensics & Incident Response (DFIR) Faculty produces thousands of free content-rich resources for the digital forensics community. These resources are aimed to provide you with the latest in research and technology available to help you streamline your investigations. Our number one priority is to support the DFIR community by not only providing content to solve even the most difficult problems investigators face daily, but also provide an open forum for community mentoring, development and support.