Digital Forensics
- Cyber Threat Intelligence Summit & Training 2019 (January 2019)
- Summit Agenda
- CTI 101: Effectively Communicating Threat Intel and Its Value
Rick Holland - CTI 101: Frameworks and Why We Use Them
Katie Nickels - CTI 101: Network Defense - Integrating Threat Intel, IR, and Hunting
Kris McConkey - Analytic Tradecraft in the Real World
Amy Bejtlich - ATT&CK Your CTI: Lessons Learned from Four Years in the Trenches
Brian Beyer, Katie Nickels - Language and Culture in Threat Intelligence
Mitchell Edwards - Meet Me In the Middle: Threat Indications and Warning in Principle and Practice
Joe Slowik - A Brief History of Attribution Mistakes
Sarah Jones - Quality Over Quantity: Determining Your CTI Detection Efficiency
David J. Bianco - Keynote: Applyiing WWII-Era Analytic Techniques to CTI
Jake Williams - How to Get Promoted: Developing Metrics to Show How Threat Intel Works
Marika Chauvin, Toni Gidwani - Schroedinger's Backslash: Tracking the Chinese APT Goblin Panda with RTF Metadata
Michael Raggi - Cloudy with Low Confidence of Threat Intel: How to Use and Create Threat Intelligence in an Office 365 World
Dave Herrald & Ryan Kovar - Untying the Anchor: Countering Unconscious Bias in Threat Intelligence Analysis
Rachel Mullen, Jason Smart
- SANS DFIR Prague Summit & Training 2018 (October 2018)
- Cutting the Wrong Wire: How a Clumsy Attacker Revealed a Global Cryptojacking Campaign
Renato Marinho - Chief Research Officer at Morphus Labs - BYOM - Build Your Own Methodology (in Mobile Forensics)
Mattia Epifani - Digital Forensics Analyst at REALITY NET - Building a Digital Evidence Classification Model
Jason Jordaan - Principal Forensic Analyst at DFIR LABS - Project SIRF - Security Incident Response Framework
Olaf Schwarz - Senior IT-Security Analyst at CERT Austria - Lessons from TheShadowBrokers One Year Later
Matt Suiche - Managing Director at Comae - The X Factor exFAT Talk
Adam Harrison - Principal Consultant at Verizon Threat Research Advisory Center - Automating the Routine Stuff
Kathryn Hedley - Director at Khyrenz Ltd - Comparative Forensic Examination of Three Prominent Ransomware Families
Veronica Schmitt - Partner at DFIR LABS - Statistical Methods for Triaging DFIR Investigations
Ray Strubinger - Managing Consultant DFIR at VerSprite - Chrome Nuts and Bolts: ChromeOS/Chromebook forensics
Jessica Hyde - Director of Forensics at Magnet Forensics, Jad Saliba - Founder and CTO at Magnet Forensics - 1+1 is Not Always 2: Bypassing Multi-Factor Authentication
Jeff Hamm - Technical Director at Mandiant, James Hovious - Senior Consultant at Mandiant
- Cutting the Wrong Wire: How a Clumsy Attacker Revealed a Global Cryptojacking Campaign
- Threat Hunting & Incident Response Summit & Training 2018 (September 2018)
- Summit Agenda
- Lean Hunting
Ben Johnson - Uncovering and Visualizing Malicious Infrastructure
Josh Pyorre, Andrea Scarfo - The Fastest Way to Hunt Windows Endpoints
Michael Gough - Threat Hunting in Your Supply Chain
Jake Williams - Lunch & Learn Panel: The Future of Incident Response
Carbon Black - ATT&CKing the Status Quo: Threat-Based Adversary Emulation with MITRE ATT&CK
Katie Nickels; Cody Thomas - Cyber Threat Hunting in the Middle East
Kevin Albano - Hunting for Lateral Movement Using Windows Event Log
Mauricio Velazco - Forecast: Sunny, Clear Skies, and 100% Detection
Alissa Torres - Differentiating Evil from Benign in the Normally Abnormal World of InfoSec
Rick McElroy - How to Submit a Threat Profile to MITRE ATT&CK
Walker Johnson - Threat Hunting Using Live Box Forensics
John Moran - Viewing the Nodes in the Noise: Leveraging Data Science to Discover Persistent Threat
David Evenden - Hunting Webshells: Tracking TwoFace
Josh Bryant, Robert Falcone - Threat Hunting or Threat Farming: Finding the Balance in Security Automation
Robert M. Lee, Alex Pinto - Quantify Your Hunt:: Not Your Parents' Red Team
Devon Kerr, Roberto Rodriguez - Launching Threat Hunting From Almost Nothing
Takahiro Kakumaru - Who Done It?: Gaining Visibility and Accountability in the Cloud
Ryan Nolette
- DFIR Summit & Training 2018 (June 2018)
- Summit Agenda
- #DFIRFIT or Bust!: A Forensic Exploration of iOS Health Data
Sarah Edwards, Heather Mahalik - Windows Forensics: Event Trace Logs
Nicole Ibrahim - A Planned Methodology fro Forensically Sound Incident Response in Microsoft's Office 365 Cloud Environment
Devon Ackerman - Evidence Generation X
Lee Whitfield - Efficiently Summarizing Web Browsing Activity
Ryan Benson - Mac_apt: The Smarter and Faster Approach to macOS Processing
Yogesh Khatri - Case Study: ModPOS v. RawPOS - A Nerd's-Eye View of Two Malware Frameworks
Brandon Nesbit, Ron Dormido - Practice How You Play: Incident Response War Game (Workshop)
Matt Linton, Francis Perron, Ryan Pittman - A Process is No One: Hunting for Token Manipulation
Jared Atkinson, Robert Winchester - Keynote: Living in the Shadow of the Shadow Brokers
Jake Williams - $SignaturesAreDead =
Daniel Bohannon, Matthew Dunwoody - Finding & Decoding Malicious Powershell Scripts
Mari DeGrazia - Logging, Monitoring, and Alerting in AWS (The TL;DR)
Jonathon Poling - Things I Thought Were Ground Truth in Digital Forensics Until I Found Out I Was Totally Wrong - And What To Do About It Now
Cindy Murphy - Investigating Rebel Scum's Google Home Data
Phill Moore - Every Step You Take: Application and Network Usage in Android
Jessica Hyde - Automating Analysis with Multi-Model Avocados
Matthew Seyer - DNSplice: A New Tool to Deal with Those Super Ugly Microsoft DNS Logs
Shelly Giesbrecht - Advanced Power of the Pivot (Lunch & Learn)
DomainTools
- CyberThreat Summit 2018 (February 2018)
- Hunting Pastebin for Fun and for Profit
Kevin Breen
- Hunting Pastebin for Fun and for Profit
- Cyber Threat Intelligence Summit & Training 2018 (January 2018)
- Cyber Threat Intelligence Summit 2018 Agenda
- Survival Heuristics: Techniques for Avoiding Intelligence Traps
Carmen Medina - There is MOAR to Structured Analytic Techniques Than Just ACH!
Rick Holland - I Can Haz Requirements?: Requirements and Cyber Threat Intelligence Program Success
Michael Rea - Intelligence Preparation of the Cyber Environment
Rob Dartnall - Event Threat Assessments: G20 as a Case Study for Using Strategic Cyber Threat Intelligence to Improve Security
Lincoln Kaffenberger - Hunting Hidden Empires with TLS-Certified Hypotheses
Dave Herrald and Ryan Kovar - Intelligent Hunting: Using Threat Intelligence to Guide Your Hunts
Keith Gilbert - Homemade Ramen & Threat Intelligence: A Recipe for Both
Scott Roberts - The Challenge of Adversary Intent and Deriving Value Out of It
Robert M. Lee - Legal Implications of Threat Intelligence Sharing
Jason Straight - Leveraging Curiosity to Enhance Analytic Technique
Chris Sanders - AlphaBay Market: Lessons from Underground Intelligence Analysis
Christy Quinn - Determining the Fit and Impact of Cyber Threat Intelligence Indicators on Your Monitoring Pipeline (TIQ-Test 2.0)
Alex Pinto - Upgrading Your Cyber Threat Intelligence to Track Down Criminal Hosting Infrastructures
Dhia Mahjoub - ElasticIntel: Building an Open-Source, Low-Cost, Scalable, and Performant Threat Intel Aggregation Platform
Matt Jane - Information Anarchy: A Survival Guide for the Misinformation Age
Rebekah Brown - Getting on the Same Page: Leveraging a Common Framework for Enhanced Intel Sharing
Jim Richberg
- SANS DFIR Prague Summit & Training 2017 (October 2017)
- Forensicating the Apple TV
Mattia Epifani & Claudia Meda - The Impact of the EU General Data Protection Regulation on Digital Forensics & Incident Response
Jason Jordaan - It's About Time!: The Only Timeline Tool You'll Ever Need
Jonathan Tomczak - The Hive: A Scalable Open Source and Free Incident Response Platform
Saad Kadhi - How was that Breach Detected?
Jeff Hamm - Tracking the Attackers' Account Activity
Chema Garcia - Windows Log Forensics to the Next Level: Powershell & WMI
Joe Slowik - (in)Secure Secret Zone
Dr. Francesco Picasso - Summit Programme Guide
- Forensicating the Apple TV
- DFIR Summit & Training 2017 (June 2017)
- The Cider Press: Extracting Forensics Artifacts from Apple Continuity
Sarah Edwards and Heather Mahalik - The Forensics of Plagiarism - A Case Study in Cheating
Tim Ball, PhD - Mac Forensics: Looking into the Past with FSEvents
Nicole Ibrahim - Google Drive Forensics
Ashley Holtz - Your Eyes Can Deceive You: Implications of Firmware Trickery in Metamorphic Hard Drives
Courtney Webb - Boot What? Why Tech Invented by IBM in 1983 is Still Relevant Today
Christopher Glyer - Tracking Bitcoin Transactions on the Blockchain
Kevin Perlow - MAC Times, Mac Times, and More
Lee Whitfield - Beats & Bytes: Striking the Right Chord in Digital Forensics (Or: Fiddling with Your Evidence)
Ryan Pittman, Cindy Murphy, Matt Linton - Beats & Bytes White Paper
Pittman, Murphy, Linton - "Alexa, are you Skynet?"
Jessica Hyde, Brian Moran - Open-Source DFIR Made Easy: The Setup
Stephen Hinck and Alan Orlikoski - Incident Response in the Cloud (AWS)
Jonathon Poling - The Audit Log Was Cleared
Austin Baker, Jacob Christie - EXT File System Recovery
Hal Pomeranz - Japanese Manufacturing, Killer Robots, and Effective Incident Handling
Scott J. Roberts, Kevin D. Thompson - Deciphering Browser Hieroglyphics
Ryan Benson - Processing PCI Track Data with CDPO
David Pany - Know Your Creds or Die Tryin'
Chad Tilbury
- The Cider Press: Extracting Forensics Artifacts from Apple Continuity
- Threat Hunting and IR Summit (April 2017)
- Hunting on AWS
Alex Maestretti and Forest Monsen - So Many Ducks, So Little Time
Michel Coene and Maxim Deweerdt - Threat Hunting in Security Operations
Chris Crowley - Biting into the Jawbreaker - Pushing the Boundaries of Threat Hunting Automation
Alex Pinto - The Myth of Automated Hunting and Case Studies in ICS-SCADA Networks
Robert M Lee - Toppling the Stack - Outlier Detection for Threat Hunters
David J. Bianco - Hunting Webshells on Microsoft Exchange Server
Josh Bryant - Keynote
Huntworld, Rob Lee - Enrich All the Things - The Future of Threat Hunting
Mark Kendrick - Framing Threat Hunting in the Enterprise
Joe Ten Eyck - Threat Hunting: From Fudd to Terminators
Heather Adkins - Real-Time Threat Hunting
Tim Crothers - ShimCache and AmCache Enterprise-Wide Hunting
Matias Bevilacqua - Sorry, but There is No Magic Fairy Dust
JJ Guy - Taking Hunting to the Next Level - Hunting in Memory
Jared Atkinson and Joe Desimone - The Mind of a Hunter - A Cognitive, Data-Driven Approach
Chris Sanders - Threat Hunting with Network Flow
Austin Whisnant - Deriving Successful Hunting Strategies with the Diamond Model
Sergio Caltagirone - Systemic Threat Hunting: Using Continuous Detection Improvement to Find Bad Things
Joe Moles and Jared Myers
- Hunting on AWS
- Cyber Threat Intelligence Summit & Training (January 2017)
- Hunting Threat Actors with TLS Certificates
Mark Parsons - Inglorious Threat Intelligence
Rick Holland - Integrating Cyber Threat Intelligence Using Classic Intel Techniques
Elias Fox and Michael Norkus - Location Specific Cyber Risk
Lincoln Kaffenberger and John Kupcinski - Reversing Threat Intelligence Fun with Strings in Malware
Ronnie Tokazowski - Using CTI to Profile and Defend Against the World's Most Successful Email Scam
Matt Bromiley - Beyond Matching - Applying Data Science Techniques to IOC-Based Detection
Alex Pinto - Knowing When to Consume Intelligence and When to Generate It
Robert M. Lee - The Threat Intel Victory Garden - Creating, Capturing, and Using Your Own Threat Intelligence Using Open Source Tools
Dave Herrald and Ryan Kovar - The Use of Conventional Intelligence Analysis Methodologies in Cyber Threat Intelligence
Rob Dartnall - Threat Intelligence at Microsoft - A Look Inside
Sergio Caltagirone - Pen-to-Paper and the Finished Report - The Often-Overlooked Key to Generating Threat Intelligence
Christian Paredes - Accurate Thinking - Analytic Pitfalls and How to Avoid Them
Kyle Maxwell - Effective Threat Intel Management
Aaron Shelmire - Using Intelligence to Heighten Your Defense
Jeremy Johnson
- Hunting Threat Actors with TLS Certificates
- DFIR Prague Summit & Training 2016 (October 2016)
- How To Rock With DNS
Joao Collier de Mendonca - Investigating Intrusions at Adversary Speed
Christopher Witter - iOS Forensics: Where Are We Now and What are We Missing?
Mattia Epifani and Pasquale Stirparo - I thought I Saw a Haxx0R
Thomas Fischer - "Invoke Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D""e'Tec'T 'Th'+'em' "
Daniel Bohannon - Targeted SOC Use Cases for Effective Incident Detection and Response
David Gray and Angelo Perniola - Volatility Bot
Martin G. Korman - DFIR Prague Summit & Training 2016 - Complete Archive
- How To Rock With DNS
- Digital Forensics & Incident Response Summit (June 2016)
- All About that (Data)Base
Matt Bromiley and Jacob Christie - Analyzing Dridex, Getting Owned by Dridez, and Bringing in the New Year with Locky
sudosev - CryptoLocker Ransomware Variants are Lurking In the Shadows; Learn How to Protect Against Them
Ryan Nolette - Defending a Cloud
Troy Larson, Microsoft Security Response Center - Azure - Deleted Evidence - Fill in the Map to Luke Skywalker
David Pany and Mary Singh - Dive into DSL - Digital Response Analysis with Elasticsearch
Brian Marks and Andrea Sancho Silgado - Expanding the Hunt - A Case Study in Pivoting Using Passive DNS and Full PCAP
Gene Stevens and Paul Vixie - FLOSS Every Day - Automatically Extracting Obfuscated Strings from Malware
William Ballenthin and Moritz Raabe - Hadoop Forensics
Kevvie Fowler - Hello Barbie Forensics
Andrew Blaich and Andrew Hay - Incident Response Playbook for Android and iOS
Andrew Hoog - iOS of Sauron - How iOS Tracks Everything You Do
Sarah Edwards - Leveraging Cyber Threat Intelligence in an Active Cyber Defense
Robert M. Lee and Erick Mandt - Plumbing the Depths - Windows Registry Internals
Eric Zimmerman - Potential for False Flag Operations in the DNC Hack
Jake Williams - Puzzle Solving and Science - The Secret Sauce of Innovation in Mobile Forensics
Crowley, Hoog, Leong, Mahalik, and Murphy - Rising from the Ashes - How to Rebuild a Security Program Gone Wrong...with Help from Taylor Swift
Shelly Giesbrecht and Mike Hracs - Rocking Your Windows EventID with ELK Stack
Rodrigo Ribeiro Montoro - Seeing Red - Improving Blue Teams with Red Teaming
- Start-Process PowerShell - Get Forensic Artifact
Jared Atkinson - stoQ'ing Your Splunk
Ryan Kovar and Marcus LaFerrera - To Automate or Not to Automate - That is the Incident Response Question
Brian Carrier - Tracking Threat Actors through YARA Rules and Virus Total
Kevin Perlow and Allen Swackhamer - Trust but Verify - Why, When and How
Mari DeGrazia - UAV Forensic Analysis
David Kovar - Using Endpoint Telemetry to Accelerate the Baseline
Keith McCammon - What Does my SOC Do - A Framework for Defining an InfoSec Ops Strategy
Austin Murphy - What Would You Say You Do Here - Redefining the Role of Intelligence in Investigation
Rebekah Brown, Rapid7 - Who Watches the Smart Watches
Brian Moran
- All About that (Data)Base
- Threat Hunting and Incident Response Summit (April 2016)
- A Longitudinal Study of the Little Endian That Could
Andrew White - Casting a Big Net: Hunting Threats at Scale
Paul Jaramillo and Reed Pochron - Collecting and Hunting for Indications of Compromise with Gusto and Style!
Ismael Valenzuela - Detecting and Responding to Pandas and Bears
Christopher Scott and Wendi Whitmore - DIY DNS DFIR: You're Doing it WRONG
Andrew Hay - Hunting and Dissecting Weevely
Kiel Wadner - Hunting as a Culture (HaaC)
Ben Johnson - Hunting on the Cheap
Jamie Butler, Andrew Morris, and Anjum Ahuja - Hunting Your Memory
Heather Adkins - Must Collect IOCs... Now What?!
William M. Phillips IV - APT Hunter: "Enabling the hunt for abnormalities"
Hao Wang and Joshua Theimer - Threat Hunting Survey Results Preview
Rob Lee - The Remediation Ballet
Matt Linton - Threat Hunting, Defined
Bamm Visscher - To Catch an APT: YARA
Jay DiMartino - Train Like You Fight
Casey Smith - Using Open Tools to Convert Threat Intelligence into Practical Defenses: A Practical Approach
James Tarala - Threat Hunting and Incident Response Summit - Complete Archive
- A Longitudinal Study of the Little Endian That Could
- Cyber Threat Intelligence Summit & Training (February 2016)
- An End User's Perspective on the Threat Intelligence Industry
Rohan Amin - Anticipating Novel Cyber Espionage Threats
John Hultquist - Borderless Threat Intelligence: Proactive Supply Chain Monitoring for Signs of Compromise
Jason Trost and Nicholas Albright - Community Intelligence & Open Source Tools: Building an Actionable Pipeline
Scott J. Roberts - Cyber Threat Intelligence: Maturity and Metrics
Mark Arena - Data - Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
Alex Pinto - Data Mining for Fun and Profit: Building an Historical Database of Adversary Information
John Bambenek - DomainTools Iris Datasheet
- Multivariate Solutions to Emerging Passive DNS Challenges
Dr. Paul Vixie - Plumbing's Done! Now What Do We Do With All This Water?
Richard Struse - SIX YEARS OF THREAT INTEL: Have we learned nothing?
David Bianco - The Levels of Threat Intelligence
Michael Cloppert - There Can Be Only One!: Last CTI Vendor Standing Pitch
Mark Kendrick and Jess Parnell - The Revolution in Private Sector Intelligence
Richard Bejtlich - Threat Intelligence Awakens
Rick Holland - We Have the Technology; We Can Rebuild Him
Rich Barger and Rob Simmons - YOU'VE GOT 99 PROBLEMS AND A BUDGET'S ONE
Rebekah Brown - Cyber Threat Intelligence Summit & Training 2016 - Complete Archive
- An End User's Perspective on the Threat Intelligence Industry
- DFIR Prague Summit & Training 2015 (October 2015)
- Back to the Future with Document Malware
Tyler Halfpop - Windows Phone 8 Case Study: Forensic Artifacts & Challenges
Cindy Murphy and Mattia Epifani - Exchange Forensics for Incident Response
Owen O'Connor - New Generation Timelining
Daniel White - ReVaulting
Francesco Picasso - Temet Nosce: Know Thy Endpoint Through and Through
Thomas V. Fischer - The Fool, The BeEF and The Butcher
Pasquale Stirparo - There's Something About WMI
Christopher Glyer and Devon Kerr - DFIR Prague Summit & Training 2015 - Complete Archive
- Back to the Future with Document Malware
- Digital Forensics & Incident Response Summit (July 2015)
- Digital Forensics - The Human Cost
Lee Whitfield - Forensic Analysis of sUAS aka Drones
David Kovar - Gaining Control of Incident Costs
Jim Raine (Bit9) - In the Lair of the Beholder - Extrusion Detection in 2015
Kyle Maxwell - Investigation and Intelligence Framework
Alan Ho and Kelvin Wong - No SQL Forensics What to Do with No Artifacts
Matt Bromiley - Plumbing the Depths Shell Bags
Eric Zimmerman - Power Shelling Through the Timeline
Jon Turner - Scaling Incident Response From a 1-Person Shop to a Full SOC Carrier
Moran, McClain, Wallace - Theres Something About WMI
Devon Kerr - Think Again Are We Doing it Wrong
Jordi Sanchez - This Isn't Your Father's Remediation
Wendi Rafferty and Christopher Scott - Threat Analysis of Complex Attacks
Dmitry Bestuzhev - Toward Forensicator Pro Bringing a DevOps Mindset to DFIR to Produce an Assistive Toolchain CADFIR
Barry Anderson - Ubiquity Forensics Your iCloud and You
Sarah Edwards - Walk Softly and Carry 26 Trillion Sticks
Andrew Hay - Windows 8 SRUM Forensics
Yogesh Khatri - Windows Phone 8 Forensic Artifacts and Case Study
Cindy Murphy - Digital Forensics and Incident Response Summit 2015 - Complete Archive
- Digital Forensics - The Human Cost
- Cyber Threat Intelligence Summit & Training (February 2015)
- A Case Study in Competing Hypotheses
Mike Cloppert, Lockheed Martin - Big Data Big Mess
Sound Risk Intelligence Through Complete Context (SurfWatch Labs) - Cyber Risk Report December 2014
SurfWatch Labs - Cyber Threat Intelligence SANS360
- DNS As a Control Point for Cyber Risk
Dr Paul Vixie, Farsight Security - From Threat Intelligence to Defense Cleverness - A Data Science Approach
Alex Pinto, Niddel - Maltego Kung Fu Exploiting Open Source Threat Intelligence
Matt Kodama, Recorded Future - Reconciling Objective Data with Analytical Uncertainty
Ruth Cuddyer, Lockheed Martin CIRT - Results and Analysis of the SANS 2014 Analytics and Intelligence Survey
Mike Cloppert - Taming Your Indicator Consumption Pipeline
Ryan Stillions, Vigilant LLC - The Most Dangerous Game - Hunting Adversaries Across the Internet
Kyle Maxwell, Verisign iDefense and Scott Roberts, GitHub - Tumble, Twiddle, Spin and Roll the Black Hat - Incorporating CTI into Security Assessment Programs
Michael Willburn - Cyber Threat Intelligence Summit & Training 2015 - Complete Archive
- State of Cyber Threat Intelligence Address
Rick Holland, Forrester Research
- A Case Study in Competing Hypotheses
- DFIR Prague Summit & Training 2014 (September 2014)
- Collaborative Timeline Analysis in Large Incidents
Johan Berggren - DFIR Prague 2014 Programme Agenda
- Finding the Needle in the Haystack with FLK
Christophe Vandeplas - Forensic Analysis of MySql DB Systems
Marcel Niefindt - Give Me the Password and I'll Rule the World
Francesco Picasso - One Location to Rule Them All
Pasquale Stirparo - Rekall Memory Forensics
Michael Cohen - Tor Forensics on Windows OS
Mattia Epifani - Windows Shellbags Forensics in Depth
Vincent Lo
- Collaborative Timeline Analysis in Large Incidents
- Digital Forensics & Incident Response Summit (June 2014)
- 10 Ways to Make Your SOC More Awesome
Shelly Giesbrecht - Anatomy of a Breach - The Lifecycle of Cyber Crime
Jonathan Spruill - Automating Linux Memory Capture
Hal Pomeranz - Best Finds for 2014
David Cowen and Matthew Seyer - BlackBerry Forensic Nuggets
Shafik Punja and Cindy Murphy - Closing the Door on Web Shells
Anuj Soni - Don't Drop That Table - A Case Study in MySQL Forensics
Jeff Hamm - Don't Let Your Tools Make You Look Bad
Troy Larson - Forensic 4cast Awards
Lee Whitfield - Incident Response Patterns
Kyle Maxwell and Kevin Thompson - Modern Incident Response
JJ Guy - Peeling the Application Like An Onion
Lee Reiber - Pillars of Incident Response
Brandie Anderson - Public Research - Influencing Change in DFIR Tools
Dan Pullega - Reverse Engineering Mac Malware
Sarah Edwards - Supersize Your Internet Timeline with Google Analytic Artifacts
Mari DeGrazia - Targeted Campaign Analysis and Tracking
Christopher Witter - To Silo or Not to Silo
Frank McClain - USB Devices and Media Transfer Protocol
Nicole Ibrahim - Why Hunt When You Can Seine
Dave Hull - Windows 8 File History Analysis
Kausar Khizra and Nasa Quba - SANS 360
- 10 Ways to Make Your SOC More Awesome
- SANS Cyber Threat Intelligence Summit (February 2014)
- Agile Defensive Technologies
Robert Johnston - Building an Effective Corporate Cyber Threat Intelligence Practice
Greg Rattray - Cyber Threat Intelligence 360
- Emergent Ideas in Cyber Threat Intelligence
Mike Cloppert - Leveraging File Artifacts for Threat Intelligence
David Dorsey - Moving from SIEM to Security Analytics Evolution or Starting Over Panel
- Recent Threat Trend Analysis
Scott Montgomery - The Diamond Model for Intrusion Analysis A Primer
Andy Pendergast - The Dollars and Sense Behind Threat Intelligence Sharing
Rich Barger - Threat Intelligence Buyers Guide
Rick Holland - Threat Intelligence for Incident Response
Kyle Maxwell
- Agile Defensive Technologies
- SANS Forensics Prague Summit & Training 2013 (October 2013)
- Applications Credentials Harvesting from Android Memory
Pasquale Stirparo - Blue Team Perspectives
David Kovar - Catching Bayas on the wire
Ismael Valenzuela - Cloud Storage Forensics
Mattia Epifani - EVTXtract
Willi Ballenthin - Exchange in the Cloud - Investigative and Forensic Aspects of Office 365
Owen O'Connor - Expert Witness Testimony
Prickaerts - Hypervisor Memory Forensics
Mariano Graziano and David Balzarotti - New School Forensics
Chad Tilbury - Open Source Tools for Mobile Forensics
Mattia Epifani - Proc Dot Visual Malware Analysis
Christian Wojner - SANS 360 ICS Forenscis
Rob Lee - Underwater Mobile Forensics
Arturo Rodriguez Olmedo - Week in the Life of a DFIR
Elizabeth Schweinsberg - Your Workflow is NOT my workflow
Joachim Metz - Acquisition and Analysis of iOS Devices
Mattia Epifani - Common analysis Mistakes and Pitfalls
Christian Prickaerts
- Applications Credentials Harvesting from Android Memory
- Digital Forensics & Incident Response Summit 2013 (July 2013)
- 7 Sins of Malware Analysis
Dominique Kilman - A Day in the Life of a Cyber Tool Developer
Jonathan Tomczak - Autopsy 3 Extensible Open Source Forensics
Brian Carrier - Building, Maturing & Rocking a Security Operations Center
Brandie Anderson - Cyber Nightmares - Red October & Shamoon
Harold Rodriguez - Detecting Data Loss from Cloud Synchronization Applications
Jake Williams - Facilitating Fluffy Forensics
Andrew Hay - File System Journaling Forensics Theory, Procedures and Analysis Impacts
David Cowen with Matthew Seyer - Finding Malware Like Iron Man
Corey Harrell - Forensic 4Cast Awards
Lee Whitfield - Hunting Attackers with Network Audit Trails
Tom Cross and Charles Herring - ICS, SCADA and Non-Traditional Incident Response
Kyle Wilhoit - Johnny AppCompatCache - the Ring of Malware
Brice Daniels and Mary Singh - Mining for Evil
John McLeod Mike Pilkington - My Name is Hunter - Ponmocup Hunter
Tom Ueltschi - Offense Informs Defense - Or Does It
Jeff Brown - Open Source Threat Intelligence
Kyle Maxwell - Plaso - Reinventing the Super Timeline
Kristinn Gudjonsson - Proactive Defense
Jason Geffner - Volatile IOCs for Fast Incident Response
Haruyama - DFIR SANS360
- 7 Sins of Malware Analysis
- What Works in Cyber Threat Intelligence Summit (March 2013)
- Intelligence-Driven Security
Adam Meyers, CrowdStrike - Better Tools Through Intelligence, Better Intelligence through Tools
Reid Gilman, MITRE - Leveraging CTI to take the fight to adversary
Rick Holland - Non APT Trends by Vertical
John Ramsey, SecureWorks - SANS 360
- The Evolution of Cyber Threats and Cyber Threat Intelligence
Greg Rattray
- Intelligence-Driven Security
- SANS Forensics Prague Summit & Training 2012 (October 2012)
- (Everyday) Malware Gone APT
Bojan Zdrnja - Malware Analysis Tools
Christian Wojner - The WOW Effect - or how Microsoft's WOW64 technology unintentionally fools IT Security analysts
Christian Wojner - Toward More Effective Incident Response Portable Incident Response Environment and Incident Response Management
David Kovar - Carve for Records Not Files
Jeff Ham - ACAD/Medre.A A Case Study of an Individual Attack
Righard J. Zwienenberg - Challenges in Physical Extraction of Modern Smartphones and Advance Methods to Overcome
Yuval Ben-Moshe
- (Everyday) Malware Gone APT
- Forensics and Incident Response Summit (June 2012)
- Recovering Digital Evidence in a Cloud Computing Paradigm
Jad Saliba - Sniper Forensics v3 Hunt
Christopher Pogue - Why not to stay in your lane as a digital forensic examiner
Alissa Torres - Windows 8 Recovery Forensics - Understanding the Three R's
W. Kenneth Johnson - Decade of Agression
Christopher Witter - Exfiltration Forensics in the Age of the Cloud
Frank McClain - Passwords are Everywhere!
Hal Pomeranz - Security Cameras - The Corporate DFIR Tool of the Future
Michael Viscuso - DFIR SANS360 Talks
Andrew Case, Ken Johson, Cindy Murphy, Harlan Carvey, Hal Pomeranz, Kristinn Gudjonsson, Corey Harrell, Melia Kelley, Tim Ray, Alissa Torres, David Nides - Practical use of cryptographic hashes in forensic investigations
Pr sterberg Medina - Digital Forensics for IaaS Cloud Computing
Josiah Dykstra - Taking Registry Analysis to the Next Level
Elizabeth Schweinsberg - Tales from the Crypt - TrueCrypt Analysis
Hal Pomeranz - Windows 7 Forensic Analysis
H. Carvey - Evidence is Data - Why you have the advantage
Jon Stewart - 6-blind-monks
Det. Cindy Murphy, M.Sc. - Analysis and Correlation of Macintosh Logs
Sarah Edwards - Android Mind Reading - Memory Acquisition and Analysis with LiME and Volatility
Joe Sylve - Digital Dumpster Diving an investigative analysis
- Anti-Incident Response
Nick Harbour - Automating File Analysis
Pr sterberg Medina - Building and Maintaining a Digital Forensic Lab - Panel
Art Ehuan - Building and Maintaining a Digital Forensic Lab - Panel
Willy Straubhaar - Building and Maintaining a Digital Forensics Lab - Panel
Jeff Hamm - Building and Maintaining a Digital Forensics Lab - Panel
David Nides - Carve for Record not Files
Jeff Hamm - Mac Memory Analysis with Volatility
Andrew Case - When Macs get Hacked
Sarah Edwards
- Recovering Digital Evidence in a Cloud Computing Paradigm
- 2011 European Digital Forensics and Incident Response Summit (September 2011)
- Ad-hoc File System Forensics
Andreas Schuster - All the Gear..and No Idea.. - Scalable, fast & forensically sound incident response using "NOOBS"
Andrew Sheldon MSc. - Detecting and Stopping Malware & Exploit Packages on the Wire - Case Study: SCADA Environments (Part 1)
Righard J. Zwienenberg - Detecting and Stopping Malware & Exploit Packages on the Wire - Case Study: SCADA Environments (Part 2)
Righard J. Zwienenberg - Retrieving Internet Chat History with the Same Ease as a Squirrel Cracks Nuts
Yuri Gubanov CEO, Belkasoft - A Hacker's Guide To Incident Response
David Stubley - Memory Analysis Update Tools & Techniques 2011
Andreas Schuster - Rock Around the Clock
Lee Whitfield - Turning Android Inside Out - DFRWS 2011 Challenge
Ivo Pooters, Fox-IT - The Fight Against eCrime - A Small Nation's story
Peter Gwyn Williams
- Ad-hoc File System Forensics
- SANS What Works in Forensics and Incident Response Summit 2011 (June 2011)
- Bamm Visscher General Electric Company
Bamm Visscher - Building a team from within
Detective Joe Garcia - Computer Incident Response Team
Richard Bejtlich - Digital Forensics and Flux Capacitors
Lee Whitfield - EXT3 File Recovery via Indirect Blocks
Hal Pomeranz - EXT4 Bit by Bit
Hal Pomeranz - Five Point Palm Exploding Heart Technique for Forensics
Andrew Hay - Forensic 4cast Awards
- Forensics in the New Cloud Frontier
Andrew Hay - Incident Response from Computer Network Defense
Michael Cloppert - iOS Forensics
Sean Morrissey - IR Process and Smart Phones
Terrance Maguire - log2timeline Since 2009
Kristinn Gujnsson - Priorities: Personal and Professional
Ken Dunham - Protecting Privileged Domain Accounts during Live Response
Mike Pilkington - Sniper Forensics V2.0 Target Acquisition
Christopher E. Pogue
- Bamm Visscher General Electric Company
- SANS What Works in Forensics and Incident Response Summit 2010 (July 2010)
- Answering the Call - Fighting Digital Crime
Christopher E. Pogue & Major Carole Newell - Sniper Forensics - "One Shot, One Kill"
Christopher E. Pogue - Combating Malware in the age of APT
Jason Garman - Registry and Timeline Analysis
Harlan Carvey - How to Analyze Drive-by Exploit Frameworks
Ken Dunham - Evolution of Binary Code Analysis
Jason Garman - Malware Analysis Panel
Nick Harbour - ExFAT (Extended FAT) File System: Revealed and Dissected
Jonathan Ham - Windows 7: Current Events in the World of Windows Forensics
Troy Larson - Network Payload Analysis for Advanced Persistent Threats
Charles Smutz - Next Generation Windows Forensics Panel
Harlan Carvey - What Windows Area Needs Additional Research and Development?
Jesse Kornblum - Drive Encryption
Jason A. Lord - Encryption V20.10
Jason A. Lord - Beyond Fuzzy Hashing
Jesse Kornblum - Bringing a Knife to a Gun Fight: The Arsenal Required for Modern Forensic Combat!
Andrew Hay - Sourcefire Presentation
Matt Olney - Network Forensics Panel
Andrew Hay - How has the APT changed the way we approach network forensics?
Charles Smutz - CIRT-Level Response to Advanced Persistent Threat
Richard Bejtlich - APT Panel
Richard Bejtlich - What can organizations do immediately to put them in a better position to investigate an APT breach?
Shawn Carpenter - Evolution of APT State of the ART
Michael Cloppert - Examples of Recent APT Persistence Mechanisms
Christopher Glyer - Cloppert Example Deck
Michael Cloppert - Intelligence-Driven Response
Michael Cloppert - Shadow Warriors
Lee Whitfield & Mark McKinnon - Vendor Solutions Panel
David Nardoni - SIEM @ CAP
Nick Levay - CIRT-Level Response to Advanced Persistent Threat
Richard Bejtlich - SANS Forensic Challenge: "Ann's Aurora"
Sherri Davidoff, Eric Fulton & Jonathan Ham - Locating Live Kits
Ken Dunham - NetWitness Investigator Freeware: Network Intelligence, Threat Indicators and Session Exploitation
Brian Girardi - NextGen Architechture
NetWitness
- Answering the Call - Fighting Digital Crime
- The 2010 European Digital Forensics and Incident Response Summit (April 2010)
- Advanced File Carving
Bas Kloet - New Computer Forensics Techniques Panel
Bas Kloet - Legal and Law Enforcement Panel
Bev Nutter - New Computer Forensics Techniques Panel
Dr. Katrin Franke - Trends and Challenges in Applying Artificial Intelligence Methodologies to Digital Forensics
Dr. Katrin Franke - New Computer Forensics Techniques Panel
Emma Webb Hobson - Legal and Law Enforcement Panel
Henrik Kaspersen - Beyond Fuzzy Hashing
Jesse Kornblum - Computer Forensic Tool Panel
Kristinn Gudjonsson - Mastering the Super Timeline
Kristinn Gudjonsson - Verizon Data Breach
Matt van de Wel - Blue Screen of Death is Dead
Matthieu Suiche - Computer Forensics Tool Panel
Matthieu Suiche - Legal and Law Enforcement Panel
Maury Shenk - Computer Forensics Tool Panel
Righard Zwienenberg - Retrieving Information Then What
Righard Zwienenberg - User Panel
Wayne Micklethwaite
- Advanced File Carving
- SANS WhatWorks Summit in Forensics and Incident Response (July 2009)
- SANS IR and Forensics Summit Keynote
Richard Bejtlich - Rapid Analysis of Live Response Data
Kris Harms - Essential Incident Response Panel
Ken Bradley - Essential Incident Response
Harlan Carvey - Essential Incident Response Panel
Kris Harms - Essential Incident Response
Dave Hull - Essential Incident Response Panel
Chris Pogue - Incident Response Panel
Ken Bradley - Modern Enterprise Incident Response
Dave Merkel - Forensics Tools Panel
Jesse Kornblum - Forensics Tools Panel
Troy Larson - Forensics Tools Panel
Mark McKinnon - Forensics Tools Panel
Jess Garcia - Registry Analysis
Harlan Carvey - Memory Forensics Analysis Essentials
Jamie Butler & Peter Silberman - Registry Analysis and Memory Forensics
Dolan Gavitt - Solutions for Memory Forensics & Automated Malware Reversing
Rich Cummings - Lessons Learned from the Financial InfoSec Trenches
Alex Cox - Digital Evidence: A New Generation in Criminal Investigations
Chris Kelly - Working With Law Enforcement
Jennifer Kolde - Working With Law Enforcement
Cindy Murphy - Working With Law Enforcement
Ken Privette - Working With Law Enforcement
Paul Vitchock - Working With Law Enforcement
Doug White - Working With Law Enforcement
Beth Whitney - Forensic Challenges in the Courtroom
Craig Ball - Forensic Challenges in the Courtroom
Larry Daniel - Forensic Challenges in the Courtroom
Stroz Friedberg - Forensic Challenges in the Courtroom
Gary Kessler - Forensic Challenges in the Courtroom
Doug White - Mobile Forensics Behind Bars
Sterling Bryan - Mobile Device Forensic Essentials
Eoghan Casey - The Case for Network Forensics
Joe Levy - F-Response, 9 Months Later...
Matthew Shannon - User Panel
Richard Brittson - User Panel
Nolan Clifford - User Panel
James Zinn - Vendor Panel: Briefing on EnCase Portable
Jim Butterworth - An Ocean of Data
Ken Privette
- SANS IR and Forensics Summit Keynote
- SANS WhatWorks Summit in Forensics, and Incident Response (October 2008)
- Upping the 'Anti': Using Memory Analysis to Fight Malware
Aaron Walters - Technology Pathways Product Overview
Chris Brown - IR/Forensics Team Strategy Panel
Chris Novak - Using the Home Advantage: Combating Anti-Forensics and Linkage Blindness
Chris Daywalt & Eoghan Casey - Summit Table of Contents
SANS - Strategy Panel
Harlan Carvey - Tactics Panel
Harlan Carvey - The Secrets of Registry Analysis
Harlan Carvey - Strategy Panel
Ken Bradley & Kris Harms - Tactics Panel
Ken Bradley & Kris Harms - ManTech Presentation
Henri Van Goethem - Forensics Panel
Mike Poor & Tom Liston - Tactics Panel
Mike Poor & Tom Liston - iPhone Forensics
Forward Discovery - User Panel
Lance Mueller - Mandiant Tactical Incident Response Panel
Ken Bradley & Kris Harms - F-Response: Extend Your Arsenal
Matt Shannon - Successful Strategies in Enterprise Intrusion Investigations
Michael Cloppert - Castle Warrior
Monty McDougal - Forensic Trends & Future: Shifting the Forensics Paradigm
Ovie Carroll - Forensic Summit 2008 Keynote
Richard Bejtlich - Forensics and IR Counterinsurgency Field Manual
Rob Lee - Slaying the Red Dragon: Remediating the China Cyber Threat
Ken Bradley & Wendi Rafferty - Strategy Panel
Stroz Friedberg - IR/Forensics Team Tactics Panel
Chris Novak - IR/Forensics Team Tactics Panel
Eric Gentry - 7-Minute Presentation
Ovie Carroll - 7-Minute Presentation
Ovie Carroll
- Upping the 'Anti': Using Memory Analysis to Fight Malware
