SANS has held Digital Forensics Summits over the past years. Presentations given at these Summits are available for public viewing and download here.
What Works in Cyber Threat Intelligence Summit 2013
- Intelligence-Driven Security
Adam Meyers, CrowdStrike
- Better Tools Through Intelligence, Better Intelligence through Tools
Reid Gilman, MITRE
- Leveraging CTI to take the fight to adversary
Rick Holland
- Non APT Trends by Vertical
John Ramsey, SecureWorks
- SANS 360
- The Evolution of Cyber Threats and Cyber Threat Intelligence
Greg Rattray
- Ghosh 360 video
Forensics Prague 2012
- (Everyday) Malware Gone APT
Bojan Zdrnja
- Malware Analysis Tools
Christian Wojner
- The WOW Effect - or how Microsoft's WOW64 technology unintentionally fools IT Security analysts
Christian Wojner
- Toward More Effective Incident Response
Portable Incident Response Environment and Incident Response Management
David Kovar
- Carve for Records Not Files
Jeff Hamm
- ACAD/Medre.A A Case Study of an Individual Attack
Righard J. Zwienenberg
- Challenges in Physical Extraction of Modern Smartphones and Advance Methods to Overcome
Yuval Ben-Moshe
Forensics and Incident Response Summit 2012
- Recovering Digital Evidence in a Cloud Computing Paradigm
Jad Saliba
- Sniper Forensics v3 Hunt
Christopher Pogue
- Why not to stay in your lane as a digital forensic examiner
Alissa Torres
- Windows 8 Recovery Forensics - Understanding the Three R's
W. Kenneth Johnson
- Decade of Aggression
Christopher Witter
- Exfiltration Forensics in the Age of the Cloud
Frank McClain
- Passwords are Everywhere!
Hal Pomeranz
- Security Cameras - The Corporate DFIR Tool of the Future
Michael Viscuso
- DFIR SANS360 Talks
Andrew Case, Ken Johnson, Cindy Murphy, Harlan Carvey, Hal Pomeranz, Kristinn Gudjonsson, Corey Harrell, Melia Kelley, Tim Ray, Alissa Torres, David Nides
- Practical use of cryptographic hashes in forensic investigations
Pär Österberg Medina
- Digital Forensics for IaaS Cloud Computing
Josiah Dykstra
- Taking Registry Analysis to the Next Level
Elizabeth Schweinsberg
- Tales from the Crypt - TrueCrypt Analysis
Hal Pomeranz
- Windows 7 Forensic Analysis
H. Carvey
- Evidence is Data - Why you have the advantage
Jon Stewart
- 6-blind-monks
Det. Cindy Murphy, M.Sc.
- Analysis and Correlation of Macintosh Logs
Sarah Edwards
- Android Mind Reading - Memory Acquisition and Analysis with LiME and Volatility
Joe Sylve
- Digital Dumpster Diving an investigative analysis
- Anti-Incident Response
Nick Harbour
- Automating File Analysis
Pär Österberg Medina
- Building and Maintaining a Digital Forensic Lab - Panel
Art Ehuan
- Building and Maintaining a Digital Forensic Lab - Panel
Willy Straubhaar
- Building and Maintaining a Digital Forensics Lab - Panel
Jeff Hamm
- Building and Maintaining a Digital Forensics Lab - Panel
David Nides
- Carve for Record not Files
Jeff Hamm
- Mac Memory Analysis with Volatility
Andrew Case
- When Macs get Hacked
Sarah Edwards
Forensics and Incident Response Summit 2011
- Bamm Visscher General Electric Company
Bamm Visscher
- Building a team from within
Detective Joe Garcia
- Computer Incident Response Team
Richard Bejtlich
- Digital Forensics and Flux Capacitors
Lee Whitfield
- EXT3 File Recovery via Indirect Blocks
Hal Pomeranz
- EXT4 Bit by Bit
Hal Pomeranz
- Five Point Palm Exploding Heart Technique for Forensics
Andrew Hay
- Forensic 4cast Awards
No Speaker
- Forensics in the New Cloud Frontier
Andrew Hay
- Incident Response from Computer Network Defense
Michael Cloppert
- iOS Forensics
Sean Morrissey
- IR Process and Smart Phones
Terrance Maguire
- log2timeline Since 2009
Kristinn Guðjónsson
- Priorities: Personal and Professional
Ken Dunham
- Protecting Privileged Domain Accounts during Live Response
Mike Pilkington
- Sniper Forensics V2.0 Target Acquisition
Christopher E. Pogue
EU Digital Forensics and Incident Response Summit 2011
- Ad-hoc File System Forensics
Andreas Schuster
- All the Gear..and No Idea.. - Scalable, fast & forensically sound incident response using "NOOBS"
Andrew Sheldon MSc.
- Detecting and Stopping Malware & Exploit Packages on the Wire - Case Study: SCADA Environments (Part 1)
Righard J. Zwienenberg
- Detecting and Stopping Malware & Exploit Packages on the Wire - Case Study: SCADA Environments (Part 2)
Righard J. Zwienenberg
- Retrieving Internet Chat History with the Same Ease as a Squirrel Cracks Nuts
Yuri Gubanov CEO, Belkasoft
- A Hacker's Guide To Incident Response
David Stubley
- Memory Analysis Update Tools & Techniques 2011
Andreas Schuster
- Rock Around the Clock
Lee Whitfield
- Turning Android Inside Out - DFRWS 2011 Challenge
Ivo Pooters, Fox-IT
- The Fight Against eCrime - A Small Nation's story
Peter Gwyn Williams
- 8 Days a Week - Verizon Data Breach Investigations Report 2011
Jelle Niemantsverdriet
US Digital Forensic and Incident Response Summit 2010
- Answering the Call - Fighting Digital Crime
Christopher E. Pogue & Major Carole Newell
- Sniper Forensics - "One Shot, One Kill"
Christopher E. Pogue
- Combating Malware in the age of APT
Jason Garman
- Registry and Timeline Analysis
Harlan Carvey
- How to Analyze Drive-by Exploit Frameworks
Ken Dunham
- Evolution of Binary Code Analysis
Jason Garman
- Malware Analysis Panel
Nick Harbour
- ExFAT (Extended FAT) File System: Revealed and Dissected
Jonathan Ham
- Windows 7: Current Events in the World of Windows Forensics
Troy Larson
- Network Payload Analysis for Advanced Persistent Threats
Charles Smutz
- Next Generation Windows Forensics Panel
Harlan Carvey
- What Windows Area Needs Additional Research and Development?
Jesse Kornblum
- Drive Encryption
Jason A. Lord
- Encryption V20.10
Jason A. Lord
- Beyond Fuzzy Hashing
Jesse Kornblum
- Bringing a Knife to a Gun Fight: The Arsenal Required for Modern Forensic Combat!
Andrew Hay
- Sourcefire Presentation
Matt Olney
- Network Forensics Panel
Andrew Hay
- How has the APT changed the way we approach network forensics?
Charles Smutz
- CIRT-Level Response to Advanced Persistent Threat
Richard Bejtlich
- APT Panel
Richard Bejtlich
- What can organizations do immediately to put them in a better position to investigate an APT breach?
Shawn Carpenter
- Evolution of APT State of the ART
Michael Cloppert
- Examples of Recent APT Persistence Mechanisms
Christopher Glyer
- Cloppert Example Deck
Michael Cloppert
- Intelligence-Driven Response
Michael Cloppert
- Shadow Warriors
Lee Whitfield & Mark McKinnon
- Vendor Solutions Panel
David Nardoni
- SIEM @ CAP
Nick Levay
- CIRT-Level Response to Advanced Persistent Threat
Richard Bejtlich
- SANS Forensic Challenge: "Ann's Aurora"
Sherri Davidoff, Eric Fulton & Jonathan Ham
- Locating Live Kits
Ken Dunham
- NetWitness Investigator Freeware: Network Intelligence, Threat Indicators and Session Exploitation
Brian Girardi
- NextGen Architecture
NetWitness
EU Digital Forensic and Incident Response Summit 2010
- Advanced File Carving
Bas Kloet
- New Computer Forensics Techniques Panel
Bas Kloet
- Legal and Law Enforcement Panel
Bev Nutter
- New Computer Forensics Techniques Panel
Dr. Katrin Franke
- Trends and Challenges in Applying Artificial Intelligence Methodologies to Digital Forensics
Dr. Katrin Franke
- New Computer Forensics Techniques Panel
Emma Webb Hobson
- Legal and Law Enforcement Panel
Henrik Kaspersen
- Beyond Fuzzy Hashing
Jesse Kornblum
- Computer Forensic Tool Panel
Jesse Kornblum
- Computer Forensic Tool Panel
Kristinn Gudjonsson
- Mastering the Super Timeline
Kristinn Gudjonsson
- Verizon Data Breach
Matt van de Wel
- Blue Screen of Death is Dead
Matthieu Suiche
- Computer Forensics Tool Panel
Matthieu Suiche
- Legal and Law Enforcement Panel
Maury Shenk
- Computer Forensics Tool Panel
Righard Zwienenberg
- Retrieving Information Then What
Righard Zwienenberg
- User Panel
Wayne Micklethwaite
US Digital Forensic and Incident 2009
- SANS IR and Forensics Summit Keynote
Richard Bejtlich
- Rapid Analysis of Live Response Data
Kris Harms
- Essential Incident Response Panel
Ken Bradley
- Essential Incident Response
Harlan Carvey
- Essential Incident Response Panel
Kris Harms
- Essential Incident Response
Dave Hull
- Essential Incident Response Panel
Chris Pogue
- Incident Response Panel
Ken Bradley
- Modern Enterprise Incident Response
Dave Merkel
- Forensics Tools Panel
Jesse Kornblum
- Forensics Tools Panel
Troy Larson
- Forensics Tools Panel
Mark McKinnon
- Forensics Tools Panel
Jess Garcia
- Registry Analysis
Harlan Carvey
- Memory Forensics Analysis Essentials
Jamie Butler & Peter Silberman
- Registry Analysis and Memory Forensics
Dolan Gavitt
- Solutions for Memory Forensics & Automated Malware Reversing
Rich Cummings
- Lessons Learned from the Financial InfoSec Trenches
Alex Cox
- Digital Evidence: A New Generation in Criminal Investigations
Chris Kelly
- Working With Law Enforcement
Jennifer Kolde
- Working With Law Enforcement
Cindy Murphy
- Working With Law Enforcement
Ken Privette
- Working With Law Enforcement
Paul Vitchock
- Working With Law Enforcement
Doug White
- Working With Law Enforcement
Beth Whitney
- Forensic Challenges in the Courtroom
Craig Ball
- Forensic Challenges in the Courtroom
Larry Daniel
- Forensic Challenges in the Courtroom
Stroz Friedberg
- Forensic Challenges in the Courtroom
Gary Kessler
- Forensic Challenges in the Courtroom
Doug White
- Mobile Forensics Behind Bars
Sterling Bryan
- Mobile Device Forensic Essentials
Eoghan Casey
- The Case for Network Forensics
Joe Levy
- F-Response, 9 Months Later...
Matthew Shannon
- User Panel
Richard Brittson
- User Panel
Nolan Clifford
- User Panel
James Zinn
- Vendor Panel: Briefing on EnCase® Portable
Jim Butterworth
- An Ocean of Data
Ken Privette
Computer Forensic Summit 2008
- Upping the 'Anti': Using Memory Analysis to Fight Malware
Aaron Walters
- Technology Pathways Product Overview
Chris Brown
- IR/Forensics Team Strategy Panel
Chris Novak
- IR/Forensics Team Tactics Panel
Chris Novak
- IR/Forensics Team Tactics Panel
Eric Gentry
- Using the Home Advantage: Combating Anti-Forensics and Linkage Blindness
Chris Daywalt & Eoghan Casey
- Summit Table of Contents
SANS
- Strategy Panel
Harlan Carvey
- Tactics Panel
Harlan Carvey
- The Secrets of Registry Analysis
Harlan Carvey
- Strategy Panel
Ken Bradley & Kris Harms
- Tactics Panel
Ken Bradley & Kris Harms
- ManTech Presentation
Henri Van Goethem
- Forensics Panel
Mike Poor & Tom Liston
- Tactics Panel
Mike Poor & Tom Liston
- iPhone Forensics
Forward Discovery
- User Panel
Lance Mueller
- Mandiant Tactical Incident Response Panel
Ken Bradley & Kris Harms
- F-Response: Extend Your Arsenal
Matt Shannon
- Successful Strategies in Enterprise Intrusion Investigations
Michael Cloppert
- Castle Warrior
Monty McDougal
- 7-Minute Presentation
Ovie Carroll
- Forensic Trends & Future: Shifting the Forensics Paradigm
Ovie Carroll
- Forensic Summit 2008 Keynote
Richard Bejtlich
- Forensics and IR Counterinsurgency Field Manual
Rob Lee
- Slaying the Red Dragon: Remediating the China Cyber Threat
Ken Bradley & Wendi Rafferty
- Strategy Panel
Stroz Friedberg
