SANS Digital Forensics and Incident Response Blog

2013 Digital Forensics and Incident Response Summit #DFIR in Austin Texas 8-9 July

The 2013 Digital Forensics & Incident Response Summit & Training, taking place in Austin, TX is fast approaching.

*** SANS is offering a one-time discount for the DFIR Summit & Training to government employees (e.g., federal, state, local, DoD). This offer reduces the Summit registration fee from $1,995 to $795 when purchased in conjunction with a full priced course. The discount is available for a limited time only, on a first come, first served basis. Please register at with the code DFIRGOV

*** There is also a 10% off code DFIR

Why should you attend the DFIR Summit & Training? Listen to what your peers have to say:

  • "The Summit has been fantastic. It's a great collection of people working on and talking about incredible work. Everyone is pushing the limits of our field." Alex Bond, Tagged
  • "The amount of IR expertise collected in this venue should by rights cause a collapse of some kind." Monica Martinez, SFASU
  • "All I can say is "Wow" I had no idea this Summit provided all this information. Everyone involved with computer technology field should attend this kind of training & knowledge." Paul Cantu, Brownsville PD

"The summit is unique to that it brings the best speakers, content, and attendees together to share and discuss issues that face the DFIR community." Brad Garnett, Gibson Co Sheriff's Office

Post-Summit Training Courses - July 11 - 16, 2013

SANS top notch Digital Forensic training with courses on network forensics, reverse engineering malware, digital forensic analysis, incident response and smartphone forensics.

DFIR Summit — July 9 -10, 2013

In addition to receiving 8 CPE credit each day, you will hear from many of the best minds in DFIR who will share lessons they have learned. You'll have the opportunity to attend sessions taking place Tuesday and Wednesday within two tracks. And you won't want to miss the DFIR SANS 360 taking place Wednesday afternoon. During this hour you will hear from 10-12 DFIR experts; each speaker has 360 seconds (6 minutes) to deliver their high impact message to you!

DFIR NetWars — July 13 - 14, 2013

SANS DFIR NetWars will be at the event! Join us for a hands-on, interactive learning environment that enables Digital Forensics and Incident Response (DFIR) professionals

to develop and master the skills they need to excel in their field.

DFIR NetWars is designed to help participants develop skills in several DFIR critical areas:

Malware Analysis

Digital Forensics

Incident Response

File and Packet Analysis


25+ speakers from a variety of companies will cover exceptional content throughout the two-day Summit. The agenda will cover the following exciting talks and much more.

- File System Journaling Forensics Theory, Procedures and Analysis Impacts

- The "Trusted" Insider Theft of Intellectual Property and Trade Secrets

- Volatile IOC's for Fast Incident Response

- Johnny AppCompatCache: The Ring of Malware

- iOS Device Forensics on a Budget — CyberPoint, LLC

- Offense Informs Defense, or does it? - Open Source Threat Intelligence

- Automating Malware Analysis with Cuckoo Sandbox

- Hunting Attackers with Network Audit Trails

- Autopsy 3: Extensive Open Source Forensics

- Timeline Analysis by Categories

- The 7 Sins of Malware Analysis

- Plaso — Reinventing the Super Timeline — Google

- Timeline Creation and review, GUI Style!

- Building, Maturing, and Rocking a Security Operations Center

- ICS, SCADA, and Non-Traditional Incident Response

- Restoring Credential Integrity after and Enterprise Intrusion

- Facilitating Fluffy Forensics (a.k.a. Considerations for Cloud Forensics)

- Detecting Data Loss from Cloud Synchronization Applications

- Cyber Nightmares: Red October & Shamoon

And many more?

DFIR's Biggest Names:

- Brian Carrier

- David Cowen

- Stacey Edwards

- Kristinn Gudjonsson

- Andrew Hay

- Corey Harrell

- Warren Kruse

- Kyle Maxwell

- David Nides

- Jake Williams

And countless others?

View the detailed conference agenda, speakers and participating vendors as they become available here


The following skills based courses, taught by SANS' top-rated instructors, will be offered. For complete course descriptions visit

FOR408 - Computer Forensic Investigations — Windows In-Depth

FOR526 — Windows Memory Forensics In-Depth (NEW)

FOR610 - Reverse-Engineering Malware: Malware Analysis Tools and Techniques

FOR508 - Advanced Computer Forensic Analysis and Incident Response

Stay connected via twitter, using hashtag #DFIRsummit, to hear announcements and discussions surrounding the Summit. You can also obtain the latest SANS Computer Forensics & Incident Response information by visiting


Posted June 13, 2013 at 9:05 PM | Permalink | Reply

Lee Whitfield

The title for the post says July 8-9 but the dates in the body and on the website are July 9-10. Might cause some confusion.