
A Structured Approach to System Analysis in Incident Response

  • Tue, Mar 4, 2025
  • 12:30PM - 1:30PM AEDT
  • English
  • Technical Presentation

While the cybersecurity industry offers extensive training in incident response and digital forensics, a critical gap remains: the art of weaving disparate technical artifacts into a coherent understanding of attacker activity. Traditional approaches often focus on isolated system artifacts, leaving investigators to bridge the conceptual gaps between individual findings and the broader attack story.

This talk introduces two frameworks that transform fragmented forensic evidence into clear, actionable intelligence: intel-led investigation and lead-based attacker activity investigation. Through these frameworks, we'll demonstrate how these scenarios interweave and evolve. Attendees will learn how to identify critical pivot points where it's time to stop an intel-based investigation and start enumerating interactive activity, while gaining practical insights into selecting and adapting investigative approaches based on real-time findings.

Most importantly, we'll reveal techniques for translating deep technical expertise into rapid, effective system response strategies. This methodology bridges the gap between granular forensic analysis and the broader incident narrative – essential knowledge for any security professional looking to elevate their investigative capabilities from good to exceptional.

Join us to master the crucial skill of forensic storytelling and transform how you approach digital investigations.

Meet the Speaker – SANS Instructor Luke Pearson

Luke Pearson is an accomplished cyber security professional with a decade of expertise in digital forensics and incident response (DFIR). He has supported organisations of all sizes, from Fortune 100 companies and military and police agencies to healthcare providers and smaller enterprises, in managing incidents and strengthening their security. In addition to his incident response work, Luke actively researches innovative solutions, trains professionals in advanced IR techniques, speaks at conferences, and guest lectures at universities.

A Structured Approach to System Analysis in Incident Response | SANS Institute