Talk With an Expert

SANS DFIR Summit Solutions Track 2025

  • Fri, Jul 25, 2025
  • 10:00AM - 3:00PM MT
  • English
  • Domenica Lee Crognale
  • Technical Presentation
Webcast Hero

Thank you to our Sponsors

We continue to see the effects of living in an interconnected, digital world, which results in a rise in the number of cyber-attacks with each new year. Malware/Ransomware, Email Compromise, Distributed Denial of Service attacks, and Data Breaches continue to plague some of the largest industries and small businesses alike, and the cost of these damages is on pace to exceed 10 trillion dollars by 2025.

As managers, consultants, and examiners, we know there is no silver bullet to thwart all attacks, and we realize that we must continue to improve our tools and practices to keep attackers at bay. Weeding through the various tools and free solutions and then implementing best practices for your workplace is often just as challenging as defending your resources in this constantly evolving landscape. Join us for this year’s DFIR Summit Solutions Track 2025 as invited speakers and subject matter experts walk through lessons learned and best practices on uncovering threats, identifying attacker activity, confirming data loss and what was compromised, and discuss ways to better secure your organizational assets moving forward.

Why Register?

  • Expert-led Sessions
  • Flexible Attendance (Attend live or watch on your own time)
  • On-Demand Access (Revisit sessions and download presentations at your convenience)
  • Connect with Industry Leaders
  • Build Your Professional Network
  • Earn CPE Credits

Schedule

Showing 8 of 8
Filter by:

Event Kickoff & Introduction

Event Kickoff & Introduction

SANS DFIR Summit Solutions Track 202510:00AM - 10:10AM MDT

Virtual

When Updates Turn Rogue: The Forensic Trail of a Supply Chain Attack

Supply chain attacks are among the most dangerous threats in cybersecurity, not because they exploit software flaws, but because they exploit trust.

This session explores several high-impact compromises and includes a hands-on lab using DLL side-loading. See how trusted binaries can be weaponized to deliver attacker-controlled payloads, and learn forensic techniques to trace execution paths, detect tampered binaries, and uncover artifacts left on disk and in memory. Get actionable insights to identify and respond to these stealthy, high-consequence attacks with confidence.

Sponsored by Magnet Forensics

SANS DFIR Summit Solutions Track 202510:10AM - 10:45AM MDT

Virtual

Benchmarking Malware Sandboxes with the AMTSO Evaluation Framework

In digital forensics and incident response, confidence in detection tools is vital. This session introduces the Anti-Malware Testing Standards Organization (AMTSO) and its open, vendor-neutral testing frameworks. Attendees will learn how AMTSO’s Testing Protocol Standard and Fundamental Principles of Testing support transparent, repeatable evaluations.

We’ll cover why standardized testing matters for DFIR, how labs and vendors can run fair tests, and the real-world impact on tool validation, red teaming, and procurement.

Sponsored by VMRay

SANS DFIR Summit Solutions Track 202510:45AM - 11:20AM MDT

Virtual

Break

SANS DFIR Summit Solutions Track 202511:20AM - 11:35AM MDT

Virtual

Putting the R in CDR: Balancing Speed and Control in Cloud Incident Response

Responding to threats in the cloud is delicate - it's not just about eliminating the threat but doing so without causing unintended damage. Cloud environments are complex and unpredictable, forcing security teams to weigh the tradeoff between fast response and a validated, predictable resolution.

This webinar will explore how to design a response strategy based on real-time insight that minimizes blast radius, assigns the right level of authority to different teams, and ensures that response actions are both swift and responsible.

Learn how to strike the balance between speed and control in cloud detection and response. ‍ What You'll Learn Why cloud environments make auto response more complex, and how to implement a guided response model to accelerate MTTR without downtime How to design a response strategy that minimizes blast radius How security teams can strike the balance between speed and control in response How to empower all team members throughout the response process to enhance investigation while limiting burnout.

Sponsored by Stream Security

SANS DFIR Summit Solutions Track 202511:35AM - 12:10PM MDT

Virtual

Scattered Spider: Unmasking the Sophisticated Cyber Threat

Scattered Spider has rapidly emerged as one of the most formidable adversaries in the modern cyber threat landscape. Known for its advanced social engineering tactics and targeted intrusions, this highly organized threat group has successfully infiltrated major enterprises, bypassing traditional defenses and causing widespread operational and financial damage.

In this webinar, we will take a deep dive into the anatomy of Scattered Spider’s campaigns—examining their attack vectors, techniques, and the tools that enable their persistence. Attendees will gain insights into the group’s evolving methods, from initial access through phishing and SIM swapping to lateral movement and data exfiltration strategies.

We will also explore real-world case studies that illustrate the impact of their operations and discuss proactive measures organizations can take to detect, mitigate, and prevent such attacks. Join us as we unmask this elusive threat actor and provide actionable intelligence to strengthen your cybersecurity posture against sophisticated adversaries like Scattered Spider.

Sponsored by Extrahop

SANS DFIR Summit Solutions Track 202512:10PM - 12:45PM MDT

Virtual

Unseen and Unsecured: Trends Redefining External Risk

We will present findings from a new study analyzing the publicly exposed attack surfaces of organizations across the U.S., EMEA, and APAC.

In particular, we’ll highlight recurring patterns in service exposures, risky configurations, certificate mismanagement, and third-party supplier risks—factors that often complicate incident investigations and response workflows. This session equips DFIR teams with actionable intelligence to better understand attacker ingress points, contextualize threats in real time, and enhance post-breach visibility through comprehensive internet-wide data.

Sponsored by Censys

SANS DFIR Summit Solutions Track 202512:45PM - 01:20PM MDT

Virtual

Event Recap & Closing Remarks

SANS DFIR Summit Solutions Track 202501:20PM - 01:30PM MDT

Virtual

Meet the Speaker

Domenica Crognale
Domenica Crognale

Domenica Lee Crognale

Cyber Security Engineer

Domenica has revolutionized mobile device forensics through her 15-year tenure supporting U.S. federal law enforcement and intelligence agencies and leading global training for elite units including the FBI and military special forces.

Read more about Domenica Lee Crognale