Blog

Blog
08 Feb 2013

Announcing: The 2013 SANS Digital Forensics and Incident Response Summit Agenda

0 comments Posted by Rob Lee
Filed under Computer Forensics


http://www.sans.org/event/dfir-summit-2013


AGENDA PDF DOWNLOAD






Tuesday, July 9, 2013



Time



Room 1



Room 2



7:00am


-


8:00am



Registration | Networking Breakfast


Presented By



8:00am


-


8:10am



Welcome and Introduction to the 2013 Digital Forensics and Incident Response Summit

  • Rob Lee & Alissa Torres— Summit Chairs Digital Forensics and Incident Response Summit

8:10am


-


9:10am



Digital Forensics and Incident Response Summit - Keynote Address - TBA


9:10am —9:20am

Networking Break


9:20am-10:20amTitle: File system journaling forensics theory, procedures and analysis impacts
  • David Cowen with Matthew Seyer, G-C Partners, LLC
Title: Mining for Evil
  • John McLeod - Manager, Incident Response Team
  • Mike Pilkington - Senior Consultant, Incident Response Team
10:20am - 10:40am

Networking Break


10:40am — 11:40amTitle: The "Trusted" Insider Theft of Intellectual Property and Trade Secrets
  • Warren G. Kruse II - VP, Altep, Inc.
  • Michael Barba - Managing Director, BDO
  • George Wade - Senior Manager, Booz Allen
Title: Volatile IOCs for Fast Incident Response
  • Takahiro Haruyama, Forensic Investigator, Internet Initiative Japan Inc.
11:40am-12:40pm

Lunch & Learn


Presented By



12:40pm —1:40 pmTitle: Johnny AppCompatCache: the Ring of Malware
  • Jeff Hamm - Senior Consultant, MANDIANT
  • Mary Singh - Senior Consultant, MANDIANT
Title — iOS Device Forensics on a Budget
  • Brian Moran - Digital Forensic Analyst, CyberPoint, LLC
1:40pm — 2:40pmTitle: (Mostly) Open Source DFIR — A Toolkit for End-to-End Investigations
  • David Kovar - Manager, Advisory Center of Excellence, Ernst & Young
Title: Offence informs Defense, or does it?
  • Jeff Brown - Director of Cyber Operations, Cyber Clarity
2:40pm — 3:00pmNetworking Break
3:00pm-4:00pmTitle: Open Source Threat Intelligence
  • Kyle Maxwell - Senior Analyst, Verizon Business
Title: Cyber Nightmares: Red October & Shamoon
  • Harold Rodriguez- MalwareReverse Engineer, General Dynamics Fidelis Cybersecurity Solutions
4:00pm-5:00pmTitle: Automating Malware Analysis with Cuckoo Sandbox
  • Claudio Guarnieri - Security Researcher, Rapid7
Title: "My name is Hunter, Ponmocup Hunter"
  • Tom Ueltschi - Security Officer, Swiss Post
5:00pm—6:00pmTitle: Hunting Attackers with Network Audit Trails
  • Tom Cross - Security Researcher, Lancope
  • Charles Herring - Security Researcher, Lancope
Panel Title: Women in DFIR PanelPanelists:
  • Stacey Edwards
  • TBA
  • TBA
  • TBA


 

 

 





Wednesday, July 10, 2013


7:00am-8:00am

Networking Breakfast


Presented By


Time

Room 1



Room 2


8:00am-8:30amTitle: Forensic 4Cast Awards
8:30am-9:30amTitle: Autopsy 3: Extensible Open Source Forensics
  • Brian Carrier - VP of Digital Forensics, Basis Technology
Title: Timeline Analysis by Categories
  • Corey Harrell - IT Specialist III, New York Office of the State Comptroller
9:30am- 10:30amTitle: Detecting data loss from cloud synchronization applications
  • Jake Williams - Principal Consultant, CSRgroup Computer Security
 		Title: A Day in the Life of a Cyber Tool Developer
  • Jonathan Tomczak — Chief Information Officer, TZWorks, LLC
 
10:30am - 10:50am

Networking Break


10:50am - 11:50pmTitle: Proactive Defense
  • Adam Meyers - Director of Intelligence, CrowdStrike, Inc
Title:The 7 Sins of Malware Analysis
  • Dominique Kilman, Malware Analyst, KPMG LLP
12:00pm-1:00pm

Lunch & Learn


Presented By


1:00-2:00pm
  • Title:Plaso — Reinventing the Super Timeline
    • Kristinn Gudjonsson - Senior Security Engineer,Google
Title: Facilitating Fluffy Forensics(a.k.a. Considerations for Cloud Forensics)
  • Andrew Hay - Chief Evangelist, CloudPassage, Inc.
2:00pm—3:00pmTitle:Timeline creation and review, GUI style!
  • David Nides,Manager, Forensic Technology Services KPMG LLP
 		Title: Building, Maturing, and Rocking a Security Operations Center
  • Brandie Anderson - Manager, Security Operations Center and Security Delivery Operations, Hewlett-Packard
 
3:00pm—4:00pmTitle: ICS, SCADA, and Non-Traditional Incident Response
  • Kyle Wilhoit - Threat Researcher, TrendMicro
Title: Restoring Credential Integrity after an Enterprise Intrusion
  • James Perry - Lead Associate Booz Allen Hamilton
  • Anuj Soni - Lead Associate Booz Allen Hamilton
4:00pm-4:20pm

Networking Break


4:20pm-5:30pm

DFIR SANS360


In one hour, 10-12 Digital Forensics and Incident Response experts will discuss the coolest forensic technique, plugin, too, command line, or script they used in the last year that really changed the outcome of a case they were working. If you have never been to a lightning talk it is an eye opening experience. Each speaker has 360 seconds (6 minutes) to deliver their message. This format allows SANS to present 10-12 experts within one hour, instead of the standard one presenter per hour. The compressed format gives you a clear and condensed message eliminating the fluff. If the topic isn't engaging, a new topic is just 6 minutes away.

Don't be a script kiddie - Kyle Maxwell, Verizon

Hunting and Sniper Forensics - Jason Lawrence

Incident Readiness - Top 10 Keys to a Successful Forensic Investigation - J Jewitt

Social Media Forensics - Brian Lockrey

Finding Evil Everywhere: Combining host-based and network indicators - Alex Bond

Chasing Malware, Not Rainbows - Frank McClain

Raising Hacker Kids - Joseph Shaw

TBA - Hal Pomeranz

A Decade of Trends in Large-Scale Financial Cyber Breaches - Ryan Vela

Reconstructing Reconnaissance - Mike Sconzo

Advanced Procurement Triage - Michael Ahrendt

5:30pm-5:40pm

Summary & Closing Remarks


Rob Lee & Alissa Torres— Summit Chairs Digital Forensics and Incident Response Summit




Please note: The DFIR SUMMIT agenda is subject to change at any time.

AGENDAPDF DOWNLOAD


Permalink | Comments RSS Feed - Post a comment | Trackback URL

Post a Comment






* Indicates a required field.

RSS

Search Blog:

Links

Latest Blog Posts

SANS EU #DFIR Summit in Prague - Call for Speakers - Now Open
May 15, 2013 - 3:04 PM

Tools for Examining XOR Obfuscation for Malware Analysis
May 14, 2013 - 2:20 PM

Case Leads: Zero Day Trading, Decrypting iPhones, Calculating AppID's for [...]
May 13, 2013 - 12:08 AM

Latest Tweets @sansforensics

Sign up for #DFIR Netwars at 330 PM Tomorrow in H3/4 - Test [...]
May 21, 2013 - 2:25 AM

ForensicFocus Blog: Using Computer Forensics to Investigate [...]
May 20, 2013 - 6:41 PM

Linux Sleuthing: iOS6 Photo Streams: "Recover" Deleted Camer [...]
May 20, 2013 - 12:32 AM

Latest Papers

Grow Your Own Forensic Tools: A Taxonomy of Python Libraries Helpful for Forensic Analysis
By Terrence OConnor

Integrating Forensic Investigation Methodology into eDiscovery
By Colin Chisholm

Mastering the Super Timeline With log2timeline
By Kristinn Gudjonsson

"This course ROCKS! You can not call yourself a Forensics expert without taking the course from Rob Lee!."
- Ernie Hernandez, Prosoft

"Rob Lee is a master of the subject matter. The material is presented in a way that is understandable. Rob is also charismatic enough to make the course enjoyable."
- Erik Ketlet, JP Morgan Chase

"Good, detailed information. This class has exceeded my expectations, as usual."
- Fahey Owens, Discover Financial Services