Getting started in DFIR: Testing 1,2,3 - SANS@Mic

  • Wednesday, February 17, 2021 at 1:00 PM AEDT (2021-02-17 02:00:00 UTC)
  • Phill Moore


Getting started in digital forensics has never been easier. There's a myriad of ways into the field, but those who set themselves apart supplement training with personal research. One could even say that it's hard to do one without the other. Seeing how your actions appear in the data will give you a more complete understanding of what's going on under the hood. In this session, we will look at some easy (and free!) methods of testing forensic artifacts to understand how they work, and how to identify potential activity that created them.

Speaker Bio

Phill Moore

Phill has always focused on finding fulfillment through his work, which is why he abandoned his initial pursuit of a career as a business analyst to seek out something that really sparked his interest and felt worthwhile. A career in Digital Forensics and Incident Response (DFIR) was the perfect fit. Whether prosecuting an offender, stopping an attacker, or saving a business, Phill says that the impact his DFIR work has on people's lives makes it all feel worthwhile. And he has extended his footprint through his research and his work as a SANS instructor for FOR500: Windows Forensic Analysis. He writes a weekly blog called This Week in 4n6 that provides a roundup of news and updates about DFIR, and he produces a monthly podcast covering a selection of important recent articles. Phill also has a personal research blog documenting some of his DFIR research on topics such as Zone identifiers, examination documentation, and an introduction to mounting APFS volumes on macOS. Phill's tools, including his GSERPent Google URL Parser and his Homespeak tool for interacting with Google Home devices, can be found on his GitHub page. He was nominated for the Forensic 4Cast "Blog of the Year" award in 2017 and 2018 and was selected to speak at the SANS DFIR Summit in 2018. In 2019, he was nominated for the Forensic 4Cast "Resource of the Year", "Podcast of the Year", and "Social Media Contributor of the Year".
