SANS DFIRCON Miami Presents: An Exclusive Community Day Experience

Sunday, November 16th

Jump to:

What to Expect
Schedule
Register

Unlock the Full DFIRCON Experience — Join Community Learning Day!

Kickstart your DFIRCON Miami adventure one day early with a powerful, FREE pre-event jam-packed day full of new content, tools and hands-on sessions tailored just for you. (In-person attendees only — register today to secure your spot!)

What Makes It Not to Miss

Get Early Access to the Tools That Matter - Work hands-on with the latest open-source DFIR tools—many of them still in development. Guided by the very tool creators and core contributors, Community Learning Day lets you test, tweak, and master cutting-edge workflows before the official training begins.
Learn Directly from the Experts - Sessions are delivered by the visionaries behind the tools—people who know them best and can teach you how to make them work in your investigations. Expect live support, deep context, and real wisdom.
Level Up Before the Week Even Starts - Dive into immersive labs with real-time assistance from certified teaching assistants and test your mettle in secure virtual environments specifically designed for DFIR work.
Be the First to See Eric’s New Open-Source Tool! - Eric Zimmerman will unveil a brand-new DFIR tool—created from community submissions—live! You’ll be among the very first to get access and see it in action. Don’t miss your chance to be part of this exclusive reveal.

Time and seats are limited — but this early-access day is intentionally powerful: relaxed, collaborative, and open only to those in the room. It’s the perfect way to set yourself up ahead of the week’s heavy training lineup. Learn directly from tool authors, absorb context that sets you ahead, and walk into the full week with an edge and a more confident investigative toolkit.

What to Expect

Date: Sunday, November 16th Time(s):

Check-In: 10:00 – 11:00AM ET
Sessions: 11:00AM – 7:00PM ET (Lunch & Snacks Provided)
Closing Remarks: 7:00PM – 7:45PM ET

*NOTE: Space is limited. Please reserve your space using the form below.

Where: Hyatt Regency Coral Gables 50 Alhambra Plaza Coral Gables, Florida 33134

Schedule

Showing 8 of 8

Filter by:

Select day:

Check-In

10:00AM - 11:00AM EST

SOF-ELK Hands-on Workshop 2025 Edition

Learn how to use SOF-ELK®, a free and open-source Elastic Stack distribution tailored for security and DFIR. This hands-on workshop includes the latest 2025 updates and guides you through loading logs, analyzing data via Kibana, and building visualizations to support real-world investigations.

11:00AM - 12:45PM EST

Presented by

Phil Hagen

Fellow

Mastering Investigations with EZ Tools: Fast, Focused, and Forensically Sound

Join Eric Zimmerman for a hands-on dive into EZ Tools, the widely used open-source suite for Windows forensics. Learn how to leverage tools like KAPE, RECmd, and ShellBags Explorer to collect, parse, and analyze evidence efficiently. This session includes the latest expert tips on integrating new features into your investigative workflow.

11:00AM - 12:45PM EST

Presented by

Eric Zimmerman

Principal Instructor

ArtExperimentation

Get hands-on with ArtEx, a powerful tool for researching and testing forensic artifacts with speed and precision. Learn how to navigate file systems, analyze serialized data, and explore key structures across multiple sources. This session includes what you need to integrate ArtEx into your workflow for artifact validation and investigative support.

01:45PM - 03:45PM EST

Presented by

Ian Whiffin

Senior Digital Intelligence Expert

Open Source Digital Forensics using Python: The LEAPPs Toolset

Explore the LEAPPs suite for fast, structured parsing of mobile and cloud artifacts. This hands-on session covers expanded support for Google Takeout, vehicle data, and more to help streamline triage and improve investigation accuracy.

01:45PM - 03:45PM EST

Presented by

Alexis Brignoni

Special Agent

Getting Hands-On with SIFT: Practical Forensics Using the SANS Investigative Toolkit

Get hands-on with the SANS Investigative Forensic Toolkit (SIFT), a powerful open-source workstation built to support in-depth forensic analysis. SIFT integrates several open-source tools to help you examine compromised systems, extract key artifacts, and reconstruct attacker timelines. This session walks you through practical, repeatable workflows you can apply directly to real-world investigations.

04:00PM - 05:45PM EST

Presented by

Mike Pilkington

Senior Instructor

Incident Response with Velociraptor: Investigating a Cyber Attack from Initial Access to Exfiltration

This hands-on workshop explores the core capabilities of Velociraptor, a powerful open-source DFIR tool for scalable endpoint visibility, live forensics, and threat hunting. Through guided exercises, you’ll learn how to deploy and configure Velociraptor, query endpoint data, and conduct targeted hunts across multiple systems. The session focuses on integrating Velociraptor into real-world investigative workflows, helping you build confidence in live response, artifact collection, and analysis at scale.

04:00PM - 05:45PM EST

Presented by

Carlos Cajigas

Principal Instructor

SIFT + AI: Less Suffering, More Finding

This wrap up workshop explores how integrating practical AI capabilities into the SIFT Workstation can speed up DFIR triage by surfacing anomalies, summarizing logs, and assisting with repetitive analysis tasks. Learn how local, auditable AI tools—designed for investigators, not data scientists—can act like a smart assistant to help cut through noise without replacing human judgment. AI won't solve forensics. But it can make it suck less.

06:00PM - 07:00PM EST

Presented by

Rob T. Lee

Fellow

Register Here

Note: Many of these sessions run concurrently. Please only build your schedule to meet those you can attend.

First NameRequired

Last NameRequired

Your EmailRequired

Phone numberRequired

OrganizationRequired

Job TitleRequired

CountryRequired

RSVP forRequiredSOF-ELK Hands-On Workshop 2025 Edition (11 – 12:45 PM ET)Mastering Investigations with EZ Tools: Fast, Focused, and Forensically Sound (11 – 12:45 PM ET)ArtExperimentation (1:45 – 3:45 PM ET)Open Source Digital Forensics using Python: The LEAPPs Toolset (1:45 – 3:45 PM ET)Getting Hands-On with SIFT: Practical Forensics Using the SANS Investigative Toolkit (4:00 – 5:45 PM ET)Incident Response with Velociraptor: Investigating a Cyber Attack from Initial Access to Exfiltration (4:00 – 5:45 PM ET)SIFT + AI: Less Suffering, More Finding (6:00 – 7:00 PM ET)

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SANS DFIRCON Miami Presents: An Exclusive Community Day Experience

Unlock the Full DFIRCON Experience — Join Community Learning Day!

What Makes It Not to Miss

What to Expect