SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Join us for the most practical, hands-on DFIR experience of the year!
Led by community legends Eric Zimmerman and David Cowen, DFIRCON is designed to deliver what investigators need most—real tools, real workflows, and real-world training. Every session is built around practical applications, open-source tools, and hands-on exercises that you can use on the job.
Free and open to all registered DFIRCON attendees (in-person only). See Agenda.
Kick off your DFIRCON week with Community Learning Day, a full day of guided, hands-on tutorials using the latest open-source DFIR tools. Led by the community's top tool developers and practitioners, this bonus session offers direct access to creators and instructors who will walk you through real techniques and workflows.
The Community Learning Day at DFIRCON is your chance to try the tools investigators actually use—including newly released updates—and get answers straight from the experts who build them.
All sessions are hands-on, practical, and designed to level up your investigative toolkit a day before formal courses begin.
SANS creates a one-of-a-kind learning experience providing world-class training and fascinating opportunities to network and gain new perspectives from your peers!
The instruction at SANS is top-notch. I have been to several SANS training courses and they never disappoint. The instructors bring real life experiences and show the students how the material can be applied.
The labs are giving me a chance to see the course content first hand and interact with it. It's doing a good job of letting me play with it and really seeing how the tools and methodologies work.
SANS training keeps individuals up-to-date with relevant cyber security information. I can now apply the skills learned towards further maturing my program.
Hear from SANS expert instructors, during our SANS@Night talks for the latest techniques.
Introducing the latest version of DFIR NetWars, fully refreshed with new challenges and updated evidence sets that reflect today’s most relevant forensic and incident response scenarios.
Mix and mingle with classmates while enjoying breakfast and fresh coffee.
Save 500 USD using the code "EarlyBirdNA" and pay for any 4-6 day course (excluding Beta Courses) by August 17, 2025.
2 Free practice tests when you add a certification exam attempt to your course. Available for select courses below.
Add 4 months of OnDemand access to your course purchase. Only available for courses with an OnDemand option.
After a malicious attack in his lab, Ross pivoted from neuroscience to cybersecurity, driven by a passion for safeguarding digital assets. He has dedicated over three decades to fortifying enterprise defenses and mentoring future cyber leaders.
For Ovie Carroll, digital forensics is all about the hunt for evidence in digital places that are hiding critical clues, followed by deep analysis to prove something that the evidence was never intended to prove.
Jim has been in IT since 1981. His expertise ranges from systems and database administration to security and research in parallel processing and distributed systems.
Domenica has revolutionized mobile device forensics through her 15-year tenure supporting U.S. federal law enforcement and intelligence agencies and leading global training for elite units including the FBI and military special forces.
Mari DeGrazia loves the satisfaction of solving a good puzzle. That fascination paired with her technical abilities has made digital forensics the perfect career fit. She has 20 years of experience in the IT industry, including 10 years in DFIR.
Evan's career of 30+ years has spanned a variety of digital fields including software development, computer networking and security, and more recently, digital forensics.
Engage in extra learning and activities during SANS events.
Daily required course training hours throughout the week.
Hands-on competitions to test and sharpen your cybersecurity skills.
Learn how to use SOF-ELK®, a free and open-source Elastic Stack distribution tailored for security and DFIR. This hands-on workshop includes the latest 2025 updates and guides you through loading logs, analyzing data via Kibana, and building visualizations to support real-world investigations.
Presented by
Phil Hagen
Fellow
Join Eric Zimmerman for a hands-on dive into EZ Tools, the widely used open-source suite for Windows forensics. Learn how to leverage tools like KAPE, RECmd, and ShellBags Explorer to collect, parse, and analyze evidence efficiently. This session includes the latest expert tips on integrating new features into your investigative workflow.
Presented by
Eric Zimmerman
Principal Instructor
Get hands-on with ArtEx, a powerful tool for researching and testing forensic artifacts with speed and precision. Learn how to navigate file systems, analyze serialized data, and explore key structures across multiple sources. This session includes what you need to integrate ArtEx into your workflow for artifact validation and investigative support.
Presented by
Ian Whiffin
Senior Digital Intelligence Expert
Explore the LEAPPs suite for fast, structured parsing of mobile and cloud artifacts. This hands-on session covers expanded support for Google Takeout, vehicle data, and more to help streamline triage and improve investigation accuracy.
Presented by
Alexis Brignoni
Special Agent
Get hands-on with the SANS Investigative Forensic Toolkit (SIFT), a powerful open-source workstation built to support in-depth forensic analysis. SIFT integrates several open-source tools to help you examine compromised systems, extract key artifacts, and reconstruct attacker timelines. This session walks you through practical, repeatable workflows you can apply directly to real-world investigations.
Presented by
Mike Pilkington
Senior Instructor
This hands-on workshop explores the core capabilities of Velociraptor, a powerful open-source DFIR tool for scalable endpoint visibility, live forensics, and threat hunting. Through guided exercises, you’ll learn how to deploy and configure Velociraptor, query endpoint data, and conduct targeted hunts across multiple systems. The session focuses on integrating Velociraptor into real-world investigative workflows, helping you build confidence in live response, artifact collection, and analysis at scale.
Presented by
Carlos Cajigas
Principal Instructor
This wrap-up workshop explores how integrating practical AI capabilities into the SIFT Workstation can speed up DFIR triage by surfacing anomalies, summarizing logs, and assisting with repetitive analysis tasks. Learn how local, auditable AI tools—designed for investigators, not data scientists—can act like a smart assistant to help cut through noise without replacing human judgment. AI won't solve forensics. But it can make it suck less.
Presented by
Rob Lee
Fellow
Kick off your SANS DFIRCON Miami 2025 experience at the Welcome Reception. Be part of this kickoff event and join the industry’s most powerful gathering of cybersecurity professionals. Share stories, make connections, and learn how to make the most of your week in Miami, FL. Come join your instructors and fellow students for a fun, relaxed evening. Beverages (adult and otherwise) and small bites will be included.
Eric shares the power of open-source development, how community collaboration drives innovation, and the value of creating tools that help defenders stay ahead. This session includes the live reveal of the winning EZ Tool Challenge submission — a new tool built and launched live at DFIRCON.
Presented by
Eric Zimmerman
Principal Instructor
Come join us for a casual networking event for SANS alumni and current attendees.
In this hands-on, instructor-led case simulation, attendees will act as members of an incident response team investigating a multi-phase intrusion into an international consulting firm’s network. The investigation begins after suspicious outbound traffic is detected from a financial analyst’s workstation. Early indicators suggest unauthorized access to sensitive internal repositories.
Presented by
Carlos Cajigas
Principal Instructor
Come join us for a casual networking event for SANS alumni and current attendees.
The investigation continues with deeper analysis of attacker movement, persistence mechanisms, and exfiltration methods. Participants will complete their response strategy and strengthen their investigation workflow.
Presented by
Carlos Cajigas
Principal Instructor
Registration: All students who register for a 4-6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.
About DFIR NetWars: Focused on digital forensics, incident response, threat hunting, and malware analysis, this tool-agnostic approach covers everything from low-level artifacts to high-level behavioral observations.
A special discounted rate of $245.00 S/D plus applicable taxes will be honored based on space availability.
A limited number of Government Per Diem rooms at the prevailing rate are available with proper ID.
These rates include:
These rates are only available through Friday, October 24, 2025.
The $25 daily destination fee is waived for SANS attendees who book through the links below.
An on-site raffle will be held during the event to award a SANS attendee who booked their room in the hotel block 5,000 World of Hyatt points! Hotel rooms need to be reserved through the booking link above to qualify.
Eliminate the hassle of daily commutes and wasted travel time. You’ll have everything you need—from your training to dining and amenities - all in one centralized, convenient location.
Stay where the action is! Maximize your chances to connect with fellow cybersecurity professionals and industry leaders - from impromptu conversations in the lobby to exclusive after-hours events.
SANS live training events include bonus sessions exclusively at the venue. Staying on-site ensures you won’t miss these opportunities to grow your network and engage with peers beyond the conference agenda.
Embrace alluring Mediterranean culture at Hyatt Regency Coral Gables. With a striking two-story marble lobby, antique accents, and Spanish-style windows, retreat to this tranquil refuge just off the popular Miracle Mile. There’s no better place from which to explore the nearby Art Deco District, Miami Beach, and Coconut Grove.
- Self-Parking: 4-8 hours: $20.00, 6-8 hours: $30.00, Overnight: $40.00
- Valet Parking: Overnight: $46.00

Rates subject to change. Please contact the venue for the most up-to-date information.

Alternative Parking Options
- SANS recommends researching nearby parking facilities for more affordable options. Some popular parking apps that can help you locate and reserve space during your training are SpotHero, ParkMobile, and ParkWhiz.

Distances from Nearby Airports
- Miami International Airport (MIA): Approximately 4.5 miles
- Fort Lauderdale-Hollywood International Airport (FLL): Approximately 29.5 miles
The discount ranges from 1% - 10% depending on the origin airport. When making the flight reservation, use the code - 'ZQ33173387'. Please Note: This discount applies to flights with United Airlines and other codeshare airlines and does not apply to basic economy fares. Call the United Meetings Reservation Desk at (800) 426-1122 for booking assistance.
Delta Air Lines is pleased to offer special flight discounts for SANS Institute customers! Depending on fare type, domestic discounts range from 2-10%. Use Meeting Event Code 'NM47F' during booking. You may also call Delta Meeting Network® at 1.800.328.1111* Monday-Friday, 8:00 a.m.-6:30 p.m. (EST).
*Please note there is not a service fee for reservations booked and ticketed via the reservation 800 number. Discounts valid on Delta and applicable Codeshare flights.