SANS DFIR
@sansforensics
The world's leading Digital Forensics and Incident Response provider. This feed updates you on the latest DFIR news, events, and training.
This is exactly the kind of moment where our community’s experience in IR can shape how AI-related incidents are understood, mitigated, and responded to at scale. The alignment between the national AI Action Plan and the #DFIRSummit couldn’t be stronger. sans.org/u/1zv5
The US AI Action Plan was released by the @WhiteHouse yesterday specifically calling out AI incident response. America's AI Action Plan specifically mandates "promote mature federal capacity for AI incident response" as a critical infrastructure protection measure. This…
Wrapping up Day 1 at #DFIRSummit: Jacob Latonis @proofpoint & Julia Paluch @GreyNoiseIO explore the macOS #EndpointSecurity Framework—an underused but powerful tool for live DFIR. See how eslogger reveals active threats in real time. #macOSDFIR #ThreatHunting #DFIR


👀 How does CISA notify victims before ransomware hits? 👉 Join us for a candid livestream with CISA's Dave Stern, & hosts @rj_chap & @maridegrazia. Bring your questions! 📆 Set your reminder: buff.ly/xBsPtGl #Ransomware #DFIR #CISA

🔥 Train at your own pace and save! Get 25% off any 4–6 day #DFIR OnDemand course through July 31 with code DFIRhot25 → Self-paced → Expert support → Labs included 👉 sans.org/u/1Ccb Excludes voucher use #SANSTraining #Cybersecurity

🕷️ #ScatteredSpider is targeting #SSO, #cloud, and your help desk with tactics that go far beyond #Ransomware. @rj_chap breaks down why this group is different and more dangerous. Read the blog → sans.org/u/1Ca0 #Cybersecurity #ThreatIntel #IncidentResponse

Live at #DFIRSummit: Ezz Tahoun presents a powerful AI-driven approach to correlating alerts, events & logs into meaningful attack chains. Using open-source tools, clustering, and knowledge graphs, this method cuts through #SOC noise to expose coordinated threats. #DFIR #AI

Colin Meek, #DFIR Consultant at @strozfriedberg tackles the challenges of forensically sound log extraction at the #DFIRSummit—when UI exports fail, API access becomes critical. #DFIR #LogForensics #APISecurity Listen to the talks free online 👉 sans.org/u/1zv5

Now at #DFIRSummit: Aaron Sparling @OSINTlabworks @Walmarttech walks through forensic techniques for analyzing #TAILs—an OS built for anonymity. From RAM imaging to artifact recovery, this session tackles how to investigate what’s designed to disappear. #MemoryForensics #DFIR


Up next at the #DFIRSummit: Lee Archinal & Arun Warikoo break down structured vs. unstructured threat hunting—when to lead with a hypothesis and when to let the data guide you. Real-world clarity for chaotic investigations. #ThreatHunting #DFIR #CyberSecurity

Back from lunch at #DFIRSummit! Jess Burn & Jeff Pollard from @forrester take the stage to break down how to stick the landing during MDR-to-IR handoffs. When the clock is ticking post-breach, clean knowledge transfer = faster containment, less chaos. #IncidentResponse #DFIR

For the first time at the #DFIRSummit, #DFIRBytes Case Simulation! conducted by @4enzikat0r. Participants are about to work through a guided case scenario, using cutting-edge forensic tools & methodologies to analyze digital evidence, recover artifacts, & uncover hidden threats



Now at #DFIRSummit: Dennis Labossiere Director at @KPMG deep dives into investigating a malicious script in Microsoft #Intune. This case study exposes how Scattered Spider accessed a client’s Azure tenant—and how forensic techniques uncovered the full scope. #DFIR #CloudForensics

Live now at #DFIRSummit: Tony Knutson, Principal Consultant at @Unit42_Intel dives into what it really means to think like an examiner. This session breaks down how shifting from reactive to investigative mindset improves both speed & accuracy in #DFIR 👉 sans.org/u/1zv5


Live now at #DFIRSummit: Jessica Venturo Gorman @Experian shares how modular design can revolutionize IR playbook management. If you’re buried in outdated playbooks or scaling with #SOAR, this talk’s for you. #IncidentResponse #DFIR Join us online: sans.org/u/1zv5


Happening now at #DFIRSummit: Deep dive into a North Korean covert op using ARP-based payloads, WebSockets C2, and even weaponized Zoom as a stealthy RAT. Real-world IR, reverse engineering, and detection strategies. Join us online: sans.org/u/1zv5 #ThreatIntel #DFIR


Happening now at #DFIRSummit: @maridegrazia takes the stage to explore how #AI is changing the game for #incidentresponse—right as Exec Order 14179 ramps up national AI adoption & oversight. You can listen to this keynote online now! sans.org/u/1zv5 #DFIR



Starting now! Phil Hagen and @HeatherMahalik welcoming attendees to the 18th annual #DFIRSummit. Still time to join us online!

📣 Starting in 15 Min! | Join top minds in digital forensics and incident response today at the #DFIRSummit for: 🎤 Expert talks 👥 Virtual networking ✍️ Dynamic graphic recordings from @mindseyeccf 🎓 Earn CPE credits ➡️ Register for Free | Virtual: sans.org/u/1zv5

📣 Starting Tomorrow! Join top minds in digital forensics and incident response at the #DFIRSummit for: 🎤 Expert talks 👥 Virtual networking ✍️ Dynamic graphic recordings from @mindseyeccf 🎓 Earn CPE credits ➡️ Register for Free | Virtual: sans.org/u/1zv5

📣 Starting in 1 week! Join top minds in digital forensics and incident response at the #DFIRSummit for: 🎤 Expert talks 👥 Virtual networking ✍️ Dynamic graphic recordings from @mindseyeccf 🎓 Earn CPE credits 📍 Salt Lake City & Virtual ➡️ Register: sans.org/u/1zv5
