Talk With an Expert

SANS DFIRCON Miami 2025

  • Sun, Nov 16 - Sat, Nov 22, 2025
  • 15 Courses
  • 1 Tournament
  • English
Hyatt Regency Coral Gables & Virtual (ET)
50 Alhambra Plaza, Coral Gables, FL 33134
Coral Gables, Trolley and Large Building
Early Bird Offer

Save 500 USD using the code "EarlyBirdNA" and pay for any 4-6 day course (excluding Beta Courses) by August 17, 2025.

Important Dates
Refund Deadline:
Hotel Group Discount Deadline:

Courses

Looking for Group Purchasing? Contact Sales

Showing 9 of 15
Filter by:

SEC401: Security Essentials - Network, Endpoint, and Cloud

Essentials
SEC401Cyber Defense
SEC401: Security Essentials - Network, Endpoint, and Cloud
  • GIAC Security Essentials
  • 6 Days
  • 46 CPEs
  • Ross Bergman
  • Starts 17 Nov 2025 at 8:30 AM ET
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

SEC504: Hacker Tools, Techniques, and Incident Handling

Essentials
SEC504Offensive Operations
SEC504: Hacker Tools, Techniques, and Incident Handling
  • GIAC Certified Incident Handler
  • 6 Days
  • 38 CPEs
  • James Leyte-Vidal
  • Starts 17 Nov 2025 at 8:30 AM ET
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

Intermediate
FOR508Digital Forensics and Incident Response
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  • GIAC Certified Forensic Analyst
  • 6 Days
  • 36 CPEs
  • Carlos Cajigas
  • Starts 17 Nov 2025 at 8:30 AM ET
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Advanced
FOR610Digital Forensics and Incident Response
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
  • GIAC Reverse Engineering Malware
  • 6 Days
  • 36 CPEs
  • Evan Dygert
  • Starts 17 Nov 2025 at 8:30 AM ET
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR500: Windows Forensic Analysis

Essentials
FOR500Digital Forensics and Incident Response
FOR500: Windows Forensic Analysis
  • GIAC Certified Forensic Examiner
  • 6 Days
  • 36 CPEs
  • Ovie Carroll
  • Starts 17 Nov 2025 at 8:30 AM ET
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR585: Smartphone Forensic Analysis In-Depth

Major UpdatesEssentials
FOR585Digital Forensics and Incident Response
FOR585: Smartphone Forensic Analysis In-Depth
  • GIAC Advanced Smartphone Forensics
  • 6 Days
  • 36 CPEs
  • Domenica Crognale
  • Starts 17 Nov 2025 at 8:30 AM ET
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

Advanced
FOR572Digital Forensics and Incident Response
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
  • GIAC Network Forensic Analyst
  • 6 Days
  • 36 CPEs
  • Philip Hagen
  • Starts 17 Nov 2025 at 8:30 AM ET
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR518: Mac and iOS Forensic Analysis and Incident Response

Intermediate
FOR518Digital Forensics and Incident Response
FOR518: Mac and iOS Forensic Analysis and Incident Response
  • GIAC iOS and macOS Examiner
  • 6 Days
  • 36 CPEs
  • Sarah Edwards
  • Starts 17 Nov 2025 at 8:30 AM ET
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

FOR578: Cyber Threat Intelligence

Intermediate
FOR578Digital Forensics and Incident Response
FOR578: Cyber Threat Intelligence
  • GIAC Cyber Threat Intelligence
  • 6 Days
  • 36 CPEs
  • John Doyle
  • Starts 17 Nov 2025 at 8:30 AM ET
  • $8,780 USD (Course)
  • $999 USD (Certification)
  • *Prices exclude applicable local taxes

View course details
Log in to register:In-PersonVirtual

Featured Speakers

Schedule

Bonus Session

Engage in extra learning and activities during SANS events.

Course Training

Daily required course training hours throughout the week.

NetWars Tournaments

Hands-on competitions to test and sharpen your cybersecurity skills.

Showing 12 of 20
Filter by:

Registration

Day 010:00AM - 11:00AM EST
In-Person

SOF-ELK Hands-on Workshop 2025 Edition

Learn how to use SOF-ELK®, a free and open-source Elastic Stack distribution tailored for security and DFIR. This hands-on workshop includes the latest 2025 updates and guides you through loading logs, analyzing data via Kibana, and building visualizations to support real-world investigations.

Day 011:00AM - 12:45PM EST

Presented by

Phil Hagen

Fellow

Phil Hagen
In-Person

Mastering Investigations with EZ Tools: Fast, Focused, and Forensically Sound

Join Eric Zimmerman for a hands-on dive into EZ Tools, the widely used open-source suite for Windows forensics. Learn how to leverage tools like KAPE, RECmd, and ShellBags Explorer to collect, parse, and analyze evidence efficiently. This session includes the latest expert tips on integrating new features into your investigative workflow.

Day 011:00AM - 12:45PM EST
In-Person

Lunch Break

Day 012:45PM - 01:45PM EST
In-Person

ArtExperimentation

Get hands-on with ArtEx, a powerful tool for researching and testing forensic artifacts with speed and precision. Learn how to navigate file systems, analyze serialized data, and explore key structures across multiple sources. This session includes what you need to integrate ArtEx into your workflow for artifact validation and investigative support.

Day 001:45PM - 03:45PM EST
In-Person

Open Source Digital Forensics using Python: The LEAPPs Toolset

Explore the LEAPPs suite for fast, structured parsing of mobile and cloud artifacts. This hands-on session covers expanded support for Google Takeout, vehicle data, and more to help streamline triage and improve investigation accuracy.

Day 001:45PM - 03:45PM EST
In-Person

Break

Day 003:45PM - 04:00PM EST
In-Person

Getting Hands-On with SIFT: Practical Forensics Using the SANS Investigative Toolkit

Get hands-on with the SANS Investigative Forensic Toolkit (SIFT), a powerful open-source workstation built to support in-depth forensic analysis. SIFT integrates several open-source tools to help you examine compromised systems, extract key artifacts, and reconstruct attacker timelines. This session walks you through practical, repeatable workflows you can apply directly to real-world investigations.

Day 004:00PM - 05:45PM EST
In-Person

Incident Response with Velociraptor: Investigating a Cyber Attack from Initial Access to Exfiltration

This hands-on workshop explores the core capabilities of Velociraptor, a powerful open-source DFIR tool for scalable endpoint visibility, live forensics, and threat hunting. Through guided exercises, you’ll learn how to deploy and configure Velociraptor, query endpoint data, and conduct targeted hunts across multiple systems. The session focuses on integrating Velociraptor into real-world investigative workflows, helping you build confidence in live response, artifact collection, and analysis at scale.

Day 004:00PM - 05:45PM EST
In-Person

Break

Day 005:45PM - 06:00PM EST
In-Person

SIFT + AI: Less Suffering, More Finding

This wrap up workshop explores how integrating practical AI capabilities into the SIFT Workstation can speed up DFIR triage by surfacing anomalies, summarizing logs, and assisting with repetitive analysis tasks. Learn how local, auditable AI tools—designed for investigators, not data scientists—can act like a smart assistant to help cut through noise without replacing human judgment. AI won't solve forensics. But it can make it suck less.

Day 006:00PM - 07:00PM EST

Presented by

Rob Lee

Fellow

Rob Lee
In-Person

Closing Remarks

Day 007:00PM - 07:45PM EST
In-Person

Welcome Reception

Kick off your SANS DFIRCON Miami 2025 experience at the Welcome Reception. Be part of this kickoff event and join the industry’s most powerful gathering of cybersecurity professionals. Share stories, make connections, and learn how to make the most of your week in Miami, FL. Come join your instructors and fellow students for a fun, relaxed evening. Beverages (adult and otherwise) and small bites will be included.

06:30PM - 07:00PM EST
In-Person

Keynote: Code, Community, and the Calling: Building Tools That Serve the Mission

Eric shares the power of open-source development, how community collaboration drives innovation, and the value of creating tools that help defenders stay ahead. This session includes the live reveal of the winning EZ Tool Challenge submission — a new tool built and launched live at DFIRCON.

07:00PM - 08:00PM EST
In-Person & Virtual

Reception: DFIR AlumNight

Come join us for a casual networking event for SANS alumni and current attendees.

06:00PM - 06:30PM EST
In-Person

DFIR Bytes: Operation Phantom Thread: Tracing the Attacker from First Foothold to Final Exfil (Part 1)

In this hands-on, instructor-led case simulation, attendees will act as members of an incident response team investigating a multi-phase intrusion into an international consulting firm’s network. The investigation begins after suspicious outbound traffic is detected from a financial analyst’s workstation. Early indicators suggest unauthorized access to sensitive internal repositories.

06:45PM - 08:45PM EST
In-Person

Reception: DFIR AlumNight

Come join us for a casual networking event for SANS alumni and current attendees.

06:00PM - 06:30PM EST
In-Person

DFIR Bytes: Operation Phantom Thread: Tracing the Attacker from First Foothold to Final Exfil (Part 2)

The investigation continues with deeper analysis of attacker movement, persistence mechanisms, and exfiltration methods. Participants will complete their response strategy and strengthen their investigation workflow.

06:45PM - 08:45PM EST
In-Person

Tournament: DFIR NetWars

Registration: All students who register for a 4-6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.

About DFIR NetWars: Focused on digital forensics, incident response, threat hunting, and malware analysis, this tool-agnostic approach covers everything from low-level artifacts to high-level behavioral observations.

06:30PM - 09:30PM EST
In-Person

Tournament: DFIR NetWars

Registration: All students who register for a 4-6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.

About DFIR NetWars: Focused on digital forensics, incident response, threat hunting, and malware analysis, this tool-agnostic approach covers everything from low-level artifacts to high-level behavioral observations.

06:30PM - 09:30PM EST
In-Person

Hyatt Regency Coral Gables

Hotel Special Rates & Reservations

A special discounted rate of $245.00 S/D plus applicable taxes will be honored based on space availability.

A limited number of Government Per Diem rooms at the prevailing rate are available with proper ID.

These rates include:

  • Internet in your room
  • Complimentary access to the fitness center, pool area, jacuzzi, and sauna

These rates are only available through Friday, October 24, 2025.

The $25 daily destination fee is waived for SANS attendees who book through the links below.

An on-site raffle will be held during the event to award a SANS attendee who booked their room in the hotel block 5,000 World of Hyatt points! Hotel rooms need to be reserved through the booking link above to qualify.

Coral Gables, Hyatt Regency

3 Reasons To Stay At The Event Venue

  • Ultimate Convenience

    Eliminate the hassle of daily commutes and wasted travel time. You’ll have everything you need—from your training to dining and amenities - all in one centralized, convenient location.

  • Seamless Networking Opportunities

    Stay where the action is! Maximize your chances to connect with fellow cybersecurity professionals and industry leaders - from impromptu conversations in the lobby to exclusive after-hours events.

  • All Day, All Event Access

    SANS live training events include bonus sessions exclusively at the venue. Staying on-site ensures you won’t miss these opportunities to grow your network and engage with peers beyond the conference agenda.

People at laptops smiling

Travel Information