One More Week for MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

DFIR Summit Solutions Track

  • Friday, July 23rd | 10:00 AM - 5:00 PM EDTFriday, July 23, 2021 at 10:00 AM EDT (2021-07-23 14:00:00 UTC)
  • Mari DeGrazia


  • Anomali
  • Corelight
  • DomainTools
  • ExtraHop
  • Gigamon
  • Magnet Forensics
  • NetEnrich
  • OpenText Inc.
  • Sophos Inc.
  • Cisco Systems Inc.
  • Bitdefender S.R.L.
  • Devo Technology, Inc.

You can now attend the webcast using your mobile device!




You will earn 6 CPE credits for attending this virtual event.

Summit Format: Virtual

Event Overview

In a field that is advancing every day due to OS and app upgrades, attackers, and coordinated threats, forensic and incident response (IR) professionals need to be constantly learning and challenging assumptions. A single examiner may be looking into ransomware and data destruction one day and missing persons the next. Whether to support business continuity or ensure personal safety, examiners need exposure to new and novel techniques for investigating a wide variety of data sources and require vetted solutions that help find answers - fast.

Take evolutions in identification and acquisition for example. It used to be that search and seizure of electronic evidence meant grabbing everything with a disk or chip. Today a full picture of user activity might rest in the cloud, so how can examiners identify and obtain this information? Not only that, but how do they pull in data from remote systems alongside more traditional sources in their tools to be able to tell a complete story?

Examiners today are aware that no single tool will fulfill all of their digital forensic and incident response (DFIR) collection, analysis, and reporting needs. Examiners need to understand the best solutions for day-to-day work and when to employ specialist tools to paint an accurate picture of activity when writing reports.

Join this SANS lead forum as we explore various DFIR & IR topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case-studies and thought leadership using specific examples relevant to the industry.

Relevant topics:

   Parsing New Artifacts

   Collection and Storage Challenges

   Nontraditional File Systems

   Coordinating Caseloads and Reporting

   Cloud and Remote System Investigations

   Encryption Challenges

Speaker Bio

Mari DeGrazia

Mari DeGrazia brings her puzzle-solving skills to her position as Senior Director of Incident Response at Kroll Cyber Security, where she leads high-profile incident response cases and helps clients find and respond to attackers in their environment. In her role as a SANS instructor for FOR500: Windows Forensic Analysis, Mari draws on nearly 20 years of experience in the IT industry, including 10 years in Digital Forensics and incident Response (DFIR).

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.