Don't Miss Out on the Best Specials of the Year Available Now - Top Training, Top Instruction!


To attend this webcast, login to your SANS Account or create your Account.

Forensic State Analysis: A New Approach to Threat Hunting

  • Wednesday, March 29, 2017 at 3:00 PM EDT (2017-03-29 19:00:00 UTC)
  • Chris Gerritz, Alissa Torres


  • Infocyte

You can now attend the webcast using your mobile device!



If an attacker had a foothold in your network today, would you know it? Whether your defenses were successfully evaded or an analyst misinterpreted a critical alert, chances are the attacker has entrenched themselves for the long haul. The act of searching for these well-hidden and persistent threats is called threat hunting.

In this webcast, experienced Threat Hunters from Infocyte and SANS will discuss how to adapt Digital Forensics & Incident Response (DFIR) techniques to scalably and proactively hunt for unknown threats across an entire enterprise network. This approach is called Forensic State Analysis (FSA). Ultimately, FSA arms hunters with an effective and efficient methodology to hunt without relying solely on sophisticated security infrastructure, sensors, or big data.

Speaker Bios

Chris Gerritz

Chris Gerritz is a co-founder of Infocyte, a developer of endpoint threat hunting solutions focused on breach discovery and interactive network defense.

Chris is a pioneer in defensive cyberspace operations having previously established and led the U.S. Air Force's first Enterprise-scoped Hunt Team. In this roll, he led a team of 28 operators and analysts tasked with finding, tracking, and neutralizing state-sponsored threats on the Air Force's $2B, 800k node enterprise network. He personally conducted and/or oversaw 350+ adversarial hunt and rapid response missions on networks throughout the world.

Chris holds a B.S. in Electrical & Computer Engineering from Oregon State University.

Alissa Torres

Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.