SANS DFIRCON Miami 2025

Hands-On DFIR Training at SANS DFIRCON Miami 2025

Join us for the most practical, hands-on DFIR experience of the year!

Led by community legends Eric Zimmerman and David Cowen, DFIRCON is designed to deliver what investigators need most—real tools, real workflows, and real-world training. Every session is built around practical applications, open-source tools, and hands-on exercises that you can use on the job.

Community Learning Day—Sunday, November 16

Free and open to all registered DFIRCON attendees (in-person only). See Agenda.

Kick off your DFIRCON week with Community Learning Day, a full day of guided, hands-on tutorials using the latest open-source DFIR tools. Led by the community's top tool developers and practitioners, this bonus session offers direct access to creators and instructors who will walk you through real techniques and workflows.

The Community Learning Day at DFIRCON is your chance to try the tools investigators actually use—including newly released updates—and get answers straight from the experts who build them.

All sessions are hands-on, practical, and designed to level up your investigative toolkit a day before formal courses begin.

Why Attend DFIRCON Miami 2025

• EZ Tool Challenge: Submit your tool idea for a chance to have it developed by Eric Zimmerman and share with the global DFIR community. Deadline August 29th.
• Community Learning Day + Practical Training: Kick off your DFIRCON experience with a full day of hands-on tutorials using real-world tools and workflows. Learn directly from top instructors and open-source tool developers in live, interactive sessions that prepare you for the week ahead.
• Live Support: Get real-time assistance from certified teaching assistants to reinforce your learning during training.
• Virtual Immersive Labs: Practice your skills in a secure, virtual environment built for DFIR investigations.
• DFIR NetWars – Updated: Introducing the latest version of DFIR NetWars, fully refreshed with new challenges and updated evidence sets that reflect today’s most relevant forensic and incident response scenarios. This is not just a small update. It’s a complete upgrade designed to push your skills further than ever. Whether you want to challenge yourself or prove your DFIR expertise, this hands-on competition delivers realistic problem solving in a high-energy format. One tournament. Many domains. How far can you go?
• DFIR Bytes Case Simulation: Participate in a two-part, instructor-guided case simulation that walks through a complete investigation from compromise to resolution. This unique session is built to mirror real-world response workflows and provides hands-on experience in evidence analysis, attacker tracking, and timeline reconstruction.
• 14 Tailored DFIR Courses: Choose from 14 digital forensics and incident response courses that are specifically selected to align with the tools, challenges, and investigative themes featured throughout DFIRCON. Every course is part of the broader, immersive DFIRCON experience.
• Dual-Format Courseware: Get both print and electronic access to comprehensive course materials created by SANS instructors.
• GIAC Certification Alignment: Many DFIRCON courses align with GIAC certs, helping you validate your expertise.
• Extended Access: Enjoy four months of post-event access to recorded lectures to reinforce what you’ve learned.
• Top-Tier Venue: Hosted at the elegant Hyatt Regency Coral Gables.
• One-of-a-Kind Community Experience: Meet the minds behind your favorite tools. Have real conversations with developers, instructors, and peers about your investigative challenges—and walk away with insights and solutions that matter.