2023 Digital Forensics and Incident Response Summit Solutions Track

  • Friday, 04 Aug 2023 10:00AM EDT (04 Aug 2023 14:00 UTC)
  • Speaker: Jason Jordaan

Investigation is often considered both an art and a science, and practitioners merge these disciplines in the search for the facts in their investigations. The best tool in both art and science is the remarkable capacity of the human brain, and this is especially apparent in the field of digital forensics and incident response, where we match ourselves against the creative ingenuity of committed and capable threat actors. Even so, we need other tools to make our work possible.

The digital forensics and incident response tools available to us enhance our ability to examine and analyze the digital evidence we need in order to successfully solve the cases and incidents we are engaged with. These tools enable us, they improve efficiency and effectiveness, and they provide valuable capabilities in the fight against the threat actors we face.

As the threats we face evolve, so too must the tools that we use. The SANS DFIR Summit Solutions Track highlights recent developments in the tools and solutions that are available to us. Join us as we explore some of the cutting-edge tools and solutions that we can utilize in our DFIR operations.



Thank You to Our Sponsors

Anomali, Corelight, Delinea, ExtraHop Networks

Event Agenda | 10:00am - 12:30pm ET

Join us Live Online to access all of the live chats that we have in store for this event.
Timeline (EDT) | Session Details

Welcome & Opening Remarks


Jason Jordaan, Principal Instructor, SANS Institute


How to Expand Network Visibility in an Encrypted World

Most network traffic is encrypted, and TLS 1.3 and DNS-over-HTTPS have extended encryption's reach even further. Where traffic decryption isn't possible for cost, performance, and/or privacy reasons, security teams must adapt to support network-based incident response and threat hunting. So how can you see in the dark? Attend this virtual talk to hear about alternative strategies for reclaiming visibility on your network that do not depend on break-and-inspect. You'll learn about relevant open source technology you can apply to this challenge, as well as advanced techniques that infer encrypted traffic behaviors such as human keystrokes over SSH or RDP brute force attacks.


John Gamble, Sr. Director of Product Marketing, Corelight


Lessons Learned from Ransomware Incident Response

Following the breadcrumbs of a malicious hacker and uncovering their digital footprint. This is a journey inside an ethical hacker's response to a ransomware incident that brought a business to a full stop, followed by the discovery of evidence that uncovered the attack path and the techniques used. In this session, we will cover a real-world incident response to a ransomware as a service (RaaS) variant: the incident response lessons learned, what went well and not so well, how mental health is critical for incident response and security teams, what techniques had been used to launch the attack, and what we uncovered from the digital footprints left at the scene.


Joseph Carson, Chief Security Scientist & Advisory CISO, Delinea

11:25 AM


11:40 AM

Fireside Chat with Jason Jordaan


Tom Roeh, Director of Systems Engineering - US Public Sector, ExtraHop Networks


Closing Remarks


Jason Jordaan, SANS Principal Instructor