Join us at the Rocky Mountain Hackfest, Live Online!! Virtual summit and courses take place June 4-13.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

DFIR Summit Solutions Track

  • Friday, July 17, 2020 at 9:00 AM EST (2020-07-17 13:00:00 UTC)
  • Lodrina Cherne

Sponsors

  • Devo Technology Inc.
  • DomainTools
  • ExtraHop
  • Palo Alto Networks
  • ThreatConnect

You can now attend the webcast using your mobile device!

  

Overview

In a field that is advancing every day due to OS and app upgrades, attackers, and coordinated threats, forensic and incident response professionals need to be constantly learning and challenging assumptions. A single examiner may be looking into ransomware and data destruction one day and missing persons the next. Whether to support business continuity or ensure personal safety, examiners need exposure to new and novel techniques for investigating a wide variety of data sources and require vetted solutions that that help find answers - fast.

Take evolutions in identification and acquisition for example. It used to be that search and seizure of electronic evidence meant grabbing everything with a disk or chip. Today a full picture of user activity might rest in the cloud as well, so how can examiners identify and obtain this information? Then, how do they pull in data from remote systems alongside more traditional sources in their tools to be able to tell a complete story?

Examiners today are aware that no single tool will fulfill all of their digital forensic and incident response collection, analysis, and reporting needs. Examiners need to understand the best solutions for day to day work and when to employ specialist tools to paint an accurate picture of activity when writing reports.

Industry analysts recommend studying real-world examples of incidents to learn lessons from our peers in the trenches. SANS is convening an inaugural forum for DFIR solutions featuring case studies from vetted vendors supporting investigations across a wide range of scenarios.

 

Relevant DFIR topics:

-Parsing new artifacts

-Collection and storage challenges

-Non traditional file systems

-Coordinating case loads and reporting

-Big data and DFIR at scale

-Cloud and remote system investigations

-Encryption challenges

Earn 4 CPE Credit hours for attending this webcast.

Agenda

9:00 AM - 9:10 AM: DFIR Summit Day 2 Welcome & Overview

9:10 AM - 9:55 AM: Keynote - SANS Instructor, Lodrina Cherne (@hexplates)

9:55 AM - 10:30 AM: Devo - Title & Abstract Coming Soon

-- 10:30 AM - 10:50 AM: Break

10:50 AM - 11:25 AM: Palo Alto Networks - Title & Abstract Coming Soon

--11:25 AM - 11:35 AM: Break

11:35 AM - 12:20 AM: DomainTools - Title & Abstract Coming Soon

-- 12:20 PM - 1:30 PM: Lunch

1:30 PM - 2:05 PM: ExtraHop - Title & Abstract Coming Soon

2:05 PM - 2:40 PM: ThreatConnect - Title & Abstract Coming Soon

-- 2:40 PM - 3:00 PM: Break

3:00 PM - 3:35 PM: Talk 6

3:35 PM - 4:10 PM: Talk 7

-- 4:10 PM - 4:15 PM: Break

4:15 PM - 5:00 PM: Forensic 4cast Awards

Speaker Bio

Lodrina Cherne

Lodrina Cherne is a Product Manager at Cybereason helping protect organizations from attack through EPP and EDR solutions, incident response, and security services. She also works as an instructor for SANS where she teaches Windows Forensic Analysis and helps students to advance their foundational understanding of DFIR. Throughout her 15 years in cybersecurity, she has been able to fight for people wrongly impacted by technology including as a volunteer for Operation Safe Escape which helps educate and empower victims of domestic violence with digital safety. In addition, her work investigating the “Sledgehammer” case in Turkey helped acquit more than 200 foreign imprisoned senior military officers after showing that the electronic documents used to indict them were forged.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.