$400 Amazon Gift Card with OnDemand Training through March 10 - Learn More!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Leveraging OSINT for Better DFIR Investigations

  • Wed, Aug 21, 2019 - 11:00 am Singapore / 12:00 pm Tokyo / 1:00 pm SydneyTuesday, August 20, 2019 at 11:00 PM EST (2019-08-21 03:00:00 UTC)
  • Jeff Lomas, Micah Hoffman

You can now attend the webcast using your mobile device!



Note: This webcast is free of charge however a SANS portal account is required (see webcast link for details)

SANS Asia-Pacific Webcast Series- Leveraging OSINT for Better DFIR Investigations

Are you a digital forensic examiner or investigator? Do you use OSINT? Are you unsure if you are using OSINT? If you answered yes to any of these questions, this webinar is for you! Nearly all examiners have used OSINT at one point in their work product, but many are not sure if they are maximizing their use of OSINT. SEC487 author and certified SANS instructor Micah Hoffman and law enforcement digital forensic examiner/detective Jeff Lomas will discuss how OSINT techniques can add value to digital forensic investigations, perform a live demo using OSINT in concert with digital forensics, and discuss how digital forensic examiners can improve their OSINT.

Speaker Bios

Jeff Lomas

For over 10 years, Jeff Lomas has served his community as a sworn law enforcement detective and digital forensic examiner for a large metropolitan police department in Las Vegas, NV. Jeff works on a federal task force and his investigation experience ranges from property crimes to the most serious violent crimes. Jeff holds numerous digital forensic certifications (CFCE, MCFE, CCME), has a B.S. in Intelligence Management, and an M.S. in Cybersecurity. Jeff has authored technology-related curriculum for investigators, teaches technology-related curriculum for his current employer, and has been a guest speaker at youth cyber camps in his free time.

Micah Hoffman

Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micah's SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and he's been a SANS Certified Instructor since 2013. He's the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.