Blog: SANS Digital Forensics and Incident Response Blog


Announcing: The 2013 SANS Digital Forensics and Incident Response Summit Agenda


http://www.sans.org/event/dfir-summit-2013


AGENDA PDF DOWNLOAD






Tuesday, July 9, 2013



Time | Room 1 | Room 2

7:00am - 8:00am



Registration | Networking Breakfast





8:00am - 8:10am

Welcome and Introduction to the 2013 Digital Forensics and Incident Response Summit

  • Rob Lee & Alissa Torres - Summit Chairs, Digital Forensics and Incident Response Summit

8:10am - 9:10am

Digital Forensics and Incident Response Summit - Keynote Address - TBA

9:10am - 9:20am

Networking Break


9:20am - 10:20am

Title: File system journaling forensics theory, procedures and analysis impacts
  • David Cowen with Matthew Seyer, G-C Partners, LLC
Title: Mining for Evil
  • John McLeod - Manager, Incident Response Team
  • Mike Pilkington - Senior Consultant, Incident Response Team

10:20am - 10:40am

Networking Break


10:40am - 11:40am

Title: The "Trusted" Insider Theft of Intellectual Property and Trade Secrets
  • Warren G. Kruse II - VP, Altep, Inc.
  • Michael Barba - Managing Director, BDO
  • George Wade - Senior Manager, Booz Allen
Title: Volatile IOCs for Fast Incident Response
  • Takahiro Haruyama - Forensic Investigator, Internet Initiative Japan Inc.

11:40am - 12:40pm

Lunch & Learn





12:40pm - 1:40pm

Title: Johnny AppCompatCache: the Ring of Malware
  • Jeff Hamm - Senior Consultant, MANDIANT
  • Mary Singh - Senior Consultant, MANDIANT
Title: iOS Device Forensics on a Budget
  • Brian Moran - Digital Forensic Analyst, CyberPoint, LLC

1:40pm - 2:40pm

Title: (Mostly) Open Source DFIR — A Toolkit for End-to-End Investigations
  • David Kovar - Manager, Advisory Center of Excellence, Ernst & Young
Title: Offence informs Defense, or does it?
  • Jeff Brown - Director of Cyber Operations, Cyber Clarity

2:40pm - 3:00pm

Networking Break

3:00pm - 4:00pm

Title: Open Source Threat Intelligence
  • Kyle Maxwell - Senior Analyst, Verizon Business
Title: Cyber Nightmares: Red October & Shamoon
  • Harold Rodriguez - Malware Reverse Engineer, General Dynamics Fidelis Cybersecurity Solutions

4:00pm - 5:00pm

Title: Automating Malware Analysis with Cuckoo Sandbox
  • Claudio Guarnieri - Security Researcher, Rapid7
Title: "My name is Hunter, Ponmocup Hunter"
  • Tom Ueltschi - Security Officer, Swiss Post

5:00pm - 6:00pm

Title: Hunting Attackers with Network Audit Trails
  • Tom Cross - Security Researcher, Lancope
  • Charles Herring - Security Researcher, Lancope
Panel Title: Women in DFIR Panel
Panelists:
  • Stacey Edwards
  • TBA
  • TBA
  • TBA


 

 

 





Wednesday, July 10, 2013


7:00am - 8:00am

Networking Breakfast




Time | Room 1 | Room 2


8:00am - 8:30am

Title: Forensic 4Cast Awards

8:30am - 9:30am

Title: Autopsy 3: Extensible Open Source Forensics
  • Brian Carrier - VP of Digital Forensics, Basis Technology
Title: Timeline Analysis by Categories
  • Corey Harrell - IT Specialist III, New York Office of the State Comptroller

9:30am - 10:30am

Title: Detecting data loss from cloud synchronization applications
  • Jake Williams - Principal Consultant, CSRgroup Computer Security
Title: A Day in the Life of a Cyber Tool Developer
  • Jonathan Tomczak - Chief Information Officer, TZWorks, LLC

10:30am - 10:50am

Networking Break


10:50am - 11:50pm

Title: Proactive Defense
  • Adam Meyers - Director of Intelligence, CrowdStrike, Inc
Title: The 7 Sins of Malware Analysis
  • Dominique Kilman - Malware Analyst, KPMG LLP

12:00pm - 1:00pm

Lunch & Learn




1:00 - 2:00pm

Title: Plaso — Reinventing the Super Timeline
  • Kristinn Gudjonsson - Senior Security Engineer, Google
Title: Facilitating Fluffy Forensics (a.k.a. Considerations for Cloud Forensics)
  • Andrew Hay - Chief Evangelist, CloudPassage, Inc.

2:00pm - 3:00pm

Title: Timeline creation and review, GUI style!
  • David Nides - Manager, Forensic Technology Services, KPMG LLP
Title: Building, Maturing, and Rocking a Security Operations Center
  • Brandie Anderson - Manager, Security Operations Center and Security Delivery Operations, Hewlett-Packard

3:00pm - 4:00pm

Title: ICS, SCADA, and Non-Traditional Incident Response
  • Kyle Wilhoit - Threat Researcher, TrendMicro
Title: Restoring Credential Integrity after an Enterprise Intrusion
  • James Perry - Lead Associate, Booz Allen Hamilton
  • Anuj Soni - Lead Associate, Booz Allen Hamilton

4:00pm - 4:20pm

Networking Break


4:20pm-5:30pm

DFIR SANS360


In one hour, 10-12 Digital Forensics and Incident Response experts will discuss the coolest forensic technique, plugin, tool, command line, or script they used in the last year that really changed the outcome of a case they were working. If you have never been to a lightning talk, it is an eye-opening experience. Each speaker has 360 seconds (6 minutes) to deliver their message. This format allows SANS to present 10-12 experts within one hour, instead of the standard one presenter per hour. The compressed format gives you a clear and condensed message, eliminating the fluff. If the topic isn't engaging, a new topic is just 6 minutes away.

Don't be a script kiddie - Kyle Maxwell, Verizon

Hunting and Sniper Forensics - Jason Lawrence

Incident Readiness - Top 10 Keys to a Successful Forensic Investigation - J Jewitt

Social Media Forensics - Brian Lockrey

Finding Evil Everywhere: Combining host-based and network indicators - Alex Bond

Chasing Malware, Not Rainbows - Frank McClain

Raising Hacker Kids - Joseph Shaw

TBA - Hal Pomeranz

A Decade of Trends in Large-Scale Financial Cyber Breaches - Ryan Vela

Reconstructing Reconnaissance - Mike Sconzo

Advanced Procurement Triage - Michael Ahrendt

5:30pm-5:40pm

Summary & Closing Remarks


Rob Lee & Alissa Torres - Summit Chairs, Digital Forensics and Incident Response Summit




Please note: The DFIR SUMMIT agenda is subject to change at any time.
