One More Week for MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

THIR Summit Solutions Track

  • Friday, October 8th | 10:00 AM - 5:00 PM EDTFriday, October 08, 2021 at 10:00 AM EDT (2021-10-08 14:00:00 UTC)
  • Lodrina Cherne


  • Anomali
  • Corelight
  • DomainTools
  • Gigamon
  • Sophos Inc.
  • ThreatQuotient
  • Vectra Networks Inc.
  • Cisco Umbrella

You can now attend the webcast using your mobile device!




You will earn 6 CPE credits for attending this virtual event.

Summit Format: Virtual

Event Overview

Theres a high chance that hidden threats already exist inside your organization's networks. No matter how thorough and sophisticated an organizations security precautions may be, it cannot assume that its security measures are impenetrable. By themselves, prevention systems are insufficient to counter focused human adversaries who know how to get around today's advanced security and monitoring tools. It takes highly skilled and focused hunters to defeat these persistent adversaries.

Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Teams can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems. The key is to constantly look for attacks that get past security systems and to catch intrusions in progress, rather than waiting until after attackers have completed their objectives and done damage to the organization. For the incident responder, this process is known as "threat hunting". Now more than ever individuals need to learn and use advanced skills to hunt, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hactivists.

Join this SANS lead forum as we explore various threat hunting and incident response topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case-studies and thought leadership using specific examples relevant to the industry.

Relevant topics:

   Incident Containment and Remediation

   Kill Chain Strategies

   Windows, Mac and iOS Forensic Analysis and Incident Response

   Open-Source Tools and the SIFT Workstation

   Cyber Threat Intelligence

   Reverse-Engineering Malware

Speaker Bio

Lodrina Cherne

A lifelong curiosity about technology and puzzles, and particularly codes and cryptography, made digital forensics a perfect career for Lodrina Cherne. She sees forensics investigation as a series of facts and data waiting to be identified and discovered, sometimes leading to a clear path, other times showing the investigator that more needs to be done. Lodrina brings that curiosity to her professional work and to her role as an instructor for SANS FOR500: Windows Forensic Analysis.

Lodrina is a Partner and Services Product Manager at Cybereason, where she collaborates with customers to deliver optimal solutions. Previously she worked as a computer forensics examiner for Arsenal Consulting, where she focused on preservation and analysis of electronic evidence, including host-based analysis of Windows, macOS, Android, and iOS systems in matters concerning intellectual property theft, employment disputes, and evidence tampering.

Lodrina has a bachelor's degree in computer science from Boston University and holds the GCFE, GCFA, and GASF certifications. She is a member of the GIAC Advisory Board, contributes to the Forensics Wiki, and is a two-time Lethal Forensicator Coin Holder.

Lodrina is a powerhouse outside of work as well. She's an internationally classed powerlifter who earned the title of National Champion at the 2013 USA Powerlifting championship and received the bronze medal at the 2014 IPF World Championships. She is also a volunteer case reviewer for the Massachusetts foster care system.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.