SANS Digital Forensics and Incident Response Blog

SANS Forensics Road Show

SANS is launching a "Forensics Tour," offering SANS Security 508: Computer Forensics, Investigation and Response as Community level events in cities all over. To find a tour stop near you, take a look at the list of Community Events over at the SANS web site.

Obviously there are benefits to taking advantage of these Community level events. The big one is that you can catch the training in your local area and still get out of the office to focus on mastering the course material and the cost is lower than it is at a SANS conference. Another benefit is networking with professionals in your area. If you're in one of these locations and have been considering taking 508, this is an ideal time. Also if you're in law enforcement, special discount rates are available, please contact Scott Weil at SANS for details ( and Ph: 847 778-5058).

You can read the course description here. Unlike some other forensics training that is tool specific, 508 really pulls back the curtain and teaches how the tools work, providing you with greater understanding of the systems you'll be investigating and arming you with the knowledge you'll need to pick up the slack in case your tools fail you.

What motivated Rob Lee and SANS to initiate the forensics tour? There is a need for more information security professionals with forensics and incident response skills. Professionals working in this field regularly encounter delays in court cases due to the backlog of investigations in queue. Consider your own organization, do you have the knowledge and skills required to effectively conduct incident response and forensic investigations? If not, find a tour stop in a location near you and take the course!

I'll be teaching at the first stop, in San Antonio. I have been actively performing computer forensics and incident response for more than five years. I cut my teeth in higher education which I believe may be the most challenging network to secure due to it's size and user base. As someone who worked in higher ed. during the peak of malicious worm outbreaks (Sasser, Blaster and Zotob), I will share some incident response techniques that will help you out in your own environments. In addition, I've been doing forensics investigations in support for businesses and in support of litigation and will pass along some of the lessons I've learned during my work. If you're in the San Antonio region, I'm looking forward to meeting you and learning from you as well. See you there.

Dave Hull, GCFA Silver #3368, is a technologist focusing on incident response, computer forensics and application security. He can be found on the web at