In a field that is advancing every day due to attackers and coordinated threats, forensic, incident response, and threat hunting professionals need to be constantly learning and challenging assumptions. A single examiner may be hunting APT activity and data destruction one day and missing persons the next. Whether to support business continuity or ensure personal safety, analysts need exposure to new and novel techniques for investigating a wide variety of data sources and require vetted solutions that help find answers fast.
Responding to ransomware and state-sponsored actors requires the ability to threat hunt, assess activities, and dive deeper when needed. Examiners today are aware that no single tool will fulfill all of their digital forensic, incident response, and threat hunting needs, while program owners are looking for the biggest return on time and investment. Industry analysts recommend studying real-world examples of incidents to learn lessons from our peers in the trenches. The SANS Solutions Track at the DFIR/Threat Hunting Summit helps analysts and managers evaluate the latest tools and methods.
Relevant Digital Forensics, Incident Response, and Threat Hunting topics: