Online Training Special Offer! Get an iPad Mini, Surface Go, or $300 Off thru Oct 2!


To attend this webcast, login to your SANS Account or create your Account.

Leveraging OSINT for Better DFIR Investigations

  • Wed, Aug 21, 2019 - 11:00 am Singapore / 12:00 pm Tokyo / 1:00 pm Sydney
  • Jeff Lomas and Micah Hoffman
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


Note: This webcast is free of charge however a SANS portal account is required (see webcast link for details)

SANS Asia-Pacific Webcast Series- Leveraging OSINT for Better DFIR Investigations

Are you a digital forensic examiner or investigator? Do you use OSINT? Are you unsure if you are using OSINT? If you answered yes to any of these questions, this webinar is for you! Nearly all examiners have used OSINT at one point in their work product, but many are not sure if they are maximizing their use of OSINT. SEC487 author and certified SANS instructor Micah Hoffman and law enforcement digital forensic examiner/detective Jeff Lomas will discuss how OSINT techniques can add value to digital forensic investigations, perform a live demo using OSINT in concert with digital forensics, and discuss how digital forensic examiners can improve their OSINT.

Speaker Bios

Jeff Lomas

For over 10 years, Jeff Lomas has served his community as a sworn law enforcement detective and digital forensic examiner for a large metropolitan police department in Las Vegas, NV. Jeff works on a federal task force and his investigation experience ranges from property crimes to the most serious violent crimes. Jeff holds numerous digital forensic certifications (CFCE, MCFE, CCME), has a B.S. in Intelligence Management, and an M.S. in Cybersecurity. Jeff has authored technology-related curriculum for investigators, teaches technology-related curriculum for his current employer, and has been a guest speaker at youth cyber camps in his free time.

Micah Hoffman

Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micah's SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and he's been a SANS Certified Instructor since 2013. He's the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.