SEC504: Hacker Tools, Techniques, and Incident Handling

Digital Forensics and Incident Response (DFIR) is essential to understand how intrusions occur, uncover malicious behavior, explain exactly “what happened”, and restore integrity across digital environments. DFIR combines cybersecurity, threat hunting, and investigative techniques to identify, analyze, respond to, and proactively hunt cyber threats and criminal activity.
DFIR is about more than just cyberattacks—it’s about uncovering the truth behind any digital incident. Whether you’re responding to a ransomware breach, investigating insider abuse, analyzing digital evidence in criminal cases, or even performing proactive compromise assessments, SANS DFIR training, designed by real-world practitioners, equips professionals with the technical skills and an investigative mindset to follow the evidence wherever it leads.
From intrusion response to deep-dive forensic analysis of systems, mobile devices, cloud, and memory, our curriculum balances the needs of both security operations and criminal investigations.
Master evidence collection, timeline analysis, and media exploitation by extracting and analyzing hidden artifacts, reconstructing user activity, and uncovering critical evidence in investigations.
Develop proactive techniques to uncover hidden threats, analyze ransomware tactics, and utilize intelligence to anticipate and counter cyber threats.
Examine malicious code, analyze volatile memory, and investigate cybercriminal activity to understand attacker techniques and enhance detection.
SANS DFIR offers the ultimate in quality instruction and thoughtful curriculum development. I learned so much this week and can't wait to review and apply what I learned. I hope all my coworkers will get a chance to experience this quality of training.
Heather has 20+ years of experience working with government agencies, defense contractors, law enforcement, and Fortune 500 companies. Her case experience ranges from fraud and crimes against children to counter-terrorism and homicide investigations.
For Ovie Carroll, digital forensics is all about the hunt for evidence in digital places that are hiding critical clues, followed by deep analysis to prove something that the evidence was never intended to prove.
From tracking a data breach across five countries and 1,000 systems to pioneering file system journaling forensics, David has been relentlessly advancing DFIR through research, tools, public speaking, and frontline incident response since 1999.
Sarah Edwards is a pioneering force in Apple forensics, having revolutionized the field through the creation of APOLLO—an open-source tool that deciphers macOS and iOS pattern-of-life data.
Phil Hagen shaped network forensics with SOF-ELK® and SANS FOR572, setting standards in large-scale log analysis and response. His role in exposing a global fraud ring behind hundreds of millions in losses defines his lasting impact on cybersecurity.
A former U.S. Air Force cyber warfare officer, Robert led the NSA’s first mission targeting threats to industrial infrastructure. Now at Dragos, he spearheads global defense of critical systems, shaping national policy and industry threat response.
Malware analysts face attackers’ capabilities head-on, ensuring the fastest and most effective response to and containment of a cyber-attack. You look deep inside malicious software to understand the nature of the threat – how it got in, what flaw it exploited, and what it has done, is trying to do, or has the potential to achieve.
This dynamic and fast-paced role involves identifying, mitigating, and eradicating attackers while their operations are still unfolding.
This expert applies digital forensic skills to a plethora of media that encompasses an investigation. If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked, damaged or used in a crime, this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.
Execute digital forensic operations under demanding conditions, rapidly extracting critical intelligence from diverse devices. Leverage advanced threat hunting and malware analysis skills to neutralize sophisticated cyber adversaries.
Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.
As this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.
Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast.
In Part 1 of the webcast, attendees will gain insight into:
- What threat hunting entails
- What pitfalls stand in the way of attaining actionable results
- What organizations are discovering through threat hunting
Part 2 of the webcast, held on Friday, April 15, 2016 at 1:00 p.m. Eastern, will focus on threat hunting methodologies and tools. Be among the first to receive the associated whitepaper written by threat hunting expert and SANS Analyst Eric Cole. View the associated whitepaper here.
Enrich your Threat Hunting skills by attending the Threat Hunting and Incident Response Summit | New Orleans, LA | Tuesday, Apr 12-19, 2016.
Despite advances in incident response, the security community tells SANS there are plenty of things to fix. Automation is sometimes presented as the solution, but what does that mean? In a new SANS webcast and paper, we will talk about automation to empower your employees and make them more successful.
While we are making noticeable advancements in some areas, such as dwell times, there's still significant room for improvement in automation. Join us to examine some of the critical issues facing incident responders today. These issues, which may vary in your organization, typically include:
- The inability to move from remediation/eradication to recovery
- Monotonous and/or laborious processes that eat up time that could be spent dealing with incidents
- Lack of data enrichment to help make investigative decisions
- Lack of investigative tracking mechanisms to help teams "learn from the past"
Register to attend this webcast and be among the first to receive the associated whitepaper written by SANS community instructor and analyst, Matt Bromiley.
While threat hunting sounds exciting--and promising--building an effective program can be daunting. The very definition of threat hunting is fluid, creating confusion about how to use it. Practitioners often have varying opinions about what would be involved in a threat hunt program and how to use it. And, there are many questions about how to develop a program that can evolve into an effective, mature one.
In this new SANS webcast, SANS instructor David Szili, with insights from a Cisco representative, will help attendees define threat hunting and create an effective process for using it. The webcast will address getting started, including building a team, what a typical hunt might look like, and building a knowledge base for later use. Attendees also will learn how to create a test lab and use effective metrics.
Register now and be among the first to receive the associated white paper written by David Szili.
Over the past several years, SANS has seen a gradual maturation of cyber threat intelligence (CTI) and its applications in information security. The 2019 CTI survey saw an increase in usage of and interest in CTI, along with a diversification in how the intelligence is being used by organizations. While the use of CTI continued to grow, it became evident that there is no one-size-fits-all approach. Organizations leverage different types of CTI to meet different needs.
The 2020 Cyber Threat Intelligence (CTI) Survey builds on previous surveys to provide guidance on how organizations of all types can get the most out of CTI. Attendees at this webcast will gain insight into:
- How consumers and generators of CTI leverage, create and measure intelligence
- What progress has been made on automation of intelligence collection and processing
- What improvements organizations have realized as a result of using CTI
- Which best practices are in use across respondents' organizations
Register today to be among the first to receive the associated whitepaper written by SANS instructor and CTI expert Robert M. Lee.
Click here to register for a panel discussion of the survey results on Thursday, February 13, 2020, at 1PM Eastern. On this webcast, Robert M. Lee and sponsor speakers will explore how these results can improve CTI programs.
Understanding adversary tactics and techniques based on real-world observations is critical to building more effective threat detection and hunting capabilities. The context provided by data sources is what enables us to make actionable decisions. Still, it is limited to the raw data inputs we consume, and to whether we consume enough of the right data to be able to mitigate, remediate and prevent future adversary activity. However, detecting malicious events is not the final solution to thwarting adversaries. Actions need to be taken, whether they are operational (e.g., stopping a malicious process) or strategic (e.g., securing an environment to prevent the execution of malicious processes).
In this webinar, SANS and AWS Marketplace will discuss the exercise of applying the MITRE ATT&CK Matrix to the AWS Cloud. They will also explore how to enhance threat detection and hunting in an AWS environment to maintain a strong security posture. Attendees will learn how to:
- Apply the MITRE ATT&CK Matrix to classify and understand cloud-based techniques
- Create an effective detection strategy and uncover what data sources are required
- Break down and recognize detections by security product capabilities and data sources
- Leverage threat intel for improved detection
- Use AWS services and third-party solutions to support their threat detection and hunting strategy
Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.
Modern enterprises are extremely diverse and complex. Yet, security data collection, correlation, and analysis has not kept up with these complexities. It often seems like organizations collect too much without ever truly finding value in the vast amounts of data they have amassed.
In this webcast, SANS author Matt Bromiley and Chronicle Security's Dr. Anton Chuvakin focus on concepts to effectively detect malicious activity within large enterprises. They will review how to bring giga-/tera-/petabytes together, correlating them into actionable intel by using YARA-L to craft efficient detections that can be used across these vast data sets. The webcast will help attendees answer important questions such as:
- In your current state, how much data are you ingesting/analyzing?
- How is your team writing detections? What types of metadata points are they looking for?
- How do you detect threats?
- Can you effectively scale detections across your data sets?
- How do you manage the lifecycle of those detections, tune them, keep them relevant, and remove them when no longer relevant?
Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.
During a suspected breach or a threat hunt, when time is of the essence, interrogating and collecting data from a remote host to uncover the cause of an incident is the number one priority. Collecting data from a host may be nothing new, but what about scaling that collection to a hundred, a thousand hosts, or more? During this webcast, we will look at the tools and techniques that let you quickly and efficiently gain the visibility you so badly need into suspected or compromised hosts. You will be able to use these tools to work with any process or service, as well as collect anything from one or all of those hosts remotely and in sequence. Join me for this one-hour webcast as we review incident response and digital forensics tools such as KAPE, Kansa and Velociraptor for fast, scalable triage and data collection during an incident.
Cobalt Strike has become the attack tool of choice among enlightened global threat actors, making an appearance in almost every recent major hack. Cobalt Strike is an extremely capable and stealthy tool suite, but log analysis can level the playing field, providing many opportunities for detection. This workshop will leverage data sourced from SANS FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics to provide insight into how Cobalt Strike operates and how to detect many of its characteristics via endpoint logs. Whether you are just starting out in threat hunting or a FOR508 alumnus, there will be something for everyone in this new workshop!
Prerequisites: Participants will need a system running the Windows operating system to perform Windows event log analysis (virtual machines are okay). While logs will be provided in CSV format for attendees without access to Windows, your experience will be greatly diminished without native access to Windows logging libraries. Some familiarity with Windows event logs is desirable.
System Requirements: Prior to the workshop, participants should prepare the following:
- A host or virtual machine running a Windows 64-bit operating system (Win7-Win10)
- Download and install Event Log Explorer: https://eventlogxp.com/download.php
- Download and install Microsoft Sysinternals Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
- Install a tool capable of viewing and filtering CSV files (this is particularly important for attendees who do not have a system running the Windows OS)
Lab materials should be downloaded here: https://sansurl.com/cobalt-strike-workshop-labs/
An optional final part of the workshop will include working with Cobalt Strike beacon malware. Examples will be given using the SANS Linux-based SIFT virtual machine, available here: https://digital-forensics.sans.org/community/downloads
*Please note: Due to the nature of these workshops, many have a capacity limit, so to help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
Insider threats are some of the more difficult threats to detect from both a human and technology perspective. Understanding the problem, risks, and methods to prevent insider threats is the first step in ensuring this toxic risk does not affect your organization. Join SANS Senior Instructor Heather Mahalik and BlackBerry VPs Pooja Kohli (Product Management) and Tony Lee (Global Services Technical Operations) to learn how insider threats and insider risk can be stopped before they begin by implementing AI-based behavior analytics software, such as BlackBerry Persona, to work alongside your defenders. Be among the first to receive the associated whitepaper written by Heather Mahalik.
Title: What you need to know about Apple CVE-2021-30860 (FORCEDENTRY). Date and time: Friday, September 24, 11:00 a.m. (Japan time). Speaker: Christopher Crowley. Apple has disclosed the CVE-2021-30860 zero-day vulnerability and released the latest OS versions. Prompt updates to iPhone iOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, and Apple Watch watchOS 7.6.2 are required. Cases in which the vulnerability was actually exploited and malicious code was executed have been reported. We will explain what you should do now to protect users and information systems from this zero-day attack against iOS and macOS. We will also cover how to check whether you are affected by this vulnerability, technical information about the vulnerability, and the threat analysis being conducted by Citizen Labs. Chris, a SANS Senior Instructor, has worked in network security and management for 15 years. He has developed many SANS courses and is known as a leading authority on building SOCs. He currently works as a consultant in Washington, DC, focusing on effective computer network defense. He also has practical experience in penetration testing, security operations, incident response, and forensic analysis.
SANS Essential Webcast: What you Need to Know about CVE-2021-30860 aka FORCEDENTRY. Friday, 24 Sep 2021, 9:00 AM WIB. Chris Crowley. Apple released CVE-2021-30860, stating that all iPhone iOS versions before 14.8; macOS versions before OSX Big Sur 11.6, Security Update 2021-005 Catalina; and Apple Watch versions before watchOS 7.6.2 are targets currently under active exploitation. We will discuss what you should do immediately to protect your users and information systems from this zero-day exploitation against iOS and macOS. We will discuss the findings. We will provide indicators of what to look for to determine whether your devices have been affected by this vulnerability, the limited information available on the vulnerability details, and the threat attribution developed by Citizen Labs. Christopher Crowley, SANS Senior Instructor, has 15 years of experience managing and securing networks. He has authored many courses and is one of the experts in building effective SOCs. He currently works as an independent consultant in the Washington, DC area, focusing on developing effective computer network defense. His experience includes penetration testing, security operations, incident response, and forensic analysis.
The ICS/OT community has long suffered from a lack of insight into cyber threats, vulnerabilities, and incident response observations. The annual Dragos ICS/OT Year in Review reports on how the community is performing and surfaces areas of improvement needed to provide safe and reliable operations.
As threat data continues to amass, security operations has to work harder and faster to keep up with the growing number of threats. To gain the advantage over adversaries, it is essential for security operations to narrow their focus and streamline threat detection and response efforts. In this product review webcast, SANS Analyst Dave Shackleford explores ThreatQ, a platform designed to help teams process and refine data into intelligence, enabling them to focus on the indicators most relevant to their infrastructure and build a tactical response strategy.
This presentation will explore how the use of digital forensics differs when it is applied toward a forensic science goal versus a forensic engineering goal in incident response.
CISOs and security practitioners are now being bombarded by new acronyms such as XDR which seem to overlap with “older” acronyms like EDR, SIEM, and MDR. According to Gartner, XDR is mainly attractive to smaller security organizations that don’t currently have a SIEM, and it will likely not displace SIEM functionality in large and mature security operations. And according to Forrester, XDR is grounded in EDR and also on a collision course with SIEM and SOAR.
Many of the aspects that make DFIR so exciting are also what makes this career field challenging: no two investigations or days in this field are ever the same. We strive to keep pace with changes in technology while attempting to get ahead of attackers who modify their methods to evade detection in this sea of interconnected digital devices.
When the location or method of storing data changes, there seems to be an assumption that forensics on that data is no longer needed. In the cloud, however, there are new digital forensic capabilities and depths that do not exist in on-premises environments. You do, however, need to understand how to correctly configure and set up a cloud environment to preserve evidence.
In today’s world of enterprise security, many technology options are available—perhaps too many. Despite all the options available, security teams still ask the same questions: What is the “right” telemetry? How do we best integrate, and where can we find the best return on our investment?
In The 2021 State of Enterprise Breaches, Forrester® found that enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach.
The ICS/OT community has long suffered from a lack of insight into cyber threats, vulnerabilities, and incident response observations. The annual Dragos ICS/OT Cybersecurity Year in Review provides a comprehensive look at the events that shaped the ICS/OT community and the current threat landscape. It also reports on how the community is performing, and surfaces areas of improvement needed to provide safe and reliable operations.
Learn how to uncover new evidence sources that only exist in the cloud. Expand your ability to perform enterprise cloud forensics and incident response.