My DFIR Conference Tour

I shared this page last month for my upcoming travels but as it’s getting closer to take off I thought I’d expand a bit on what I’m looking forward to over my time away.

Magnet User Summit

My first stop is Las Vegas for the Magnet User Summit at the Flamingo Hotel. I haven’t been to MUS before but from the agenda, it looks like it’ll be a good learning experience to see Magnets plans for Axiom as well as sit in a few labs to better understand the tool and meet the folks behind the company.

I’m also looking forward to the live broadcast of the Forensic Lunch and the Capture The Flag, both being put on by Dave and Matthew from G-C Partners. The prizes for the CTF, sponsored by SANS and Magnet, look great.

They also asked me to talk for a few minutes about preparing for the CTF based on my blogpost about the experience at SANS DFIR Netwars last year.

You can register here


Immediately after MUS is OpenText’s Enfuse, held at Caesars Palace.

Taking a look at the agenda, there are lots of sessions I’m interested in seeing; some are from OT staff about better utilisation of Encase, and others are about different forensic artefacts and investigation methodologies – IoT, Threat Hunting, Memory analysis, as well as presentation of evidence at court. Not to mention having the former FBI Director Comey speak, I’m sure, will cause some stir in the crowd. (I don’t have an opinion either way about him, but it’s not every day you get to hear someone, who was at the top of law enforcement in a country, talk).

I’m really interested to see what OpenText has planned for Encase. A lot of labs have been using Encase for a long time, but whether they stick with it remains to be seen. There are a lot of up and coming players in the space such as Magnet’s Axiom and GetData’s Forensic Explorer that could challenge the incumbent Encase and FTK.

I’ll also be speaking on the Wednesday afternoon about branding and sharing in the digital forensics community. I’ll be providing a bit of a background about myself, and my various websites, and then discuss why you should be interested in building your personal brand and how you could go about doing so. I can’t link to the abstract, but the session is titled “Oh! You Were On My List Of People To Meet! Getting Noticed in the Digital Forensics Community”.

If anyone’s interested in the presentation I can probably figure out a way to run it again (and considering it’s in a few weeks, I may do a trial run beforehand).

You can register for Enfuse here.

Techno Security & Digital Forensics Conference

After a short break (yay vacation), my next DFIR stop is Techno Security in Myrtle Beach.

I’m looking forward to this one for a few reasons; lots of vendors to talk to (#swag) and a great agenda of talks and labs. There are far too many talks that look interesting to list here, and I think the hard part is going to be deciding which ones to go to instead of others. The recent furore around Greyshift’s Greykey means the sessions that they’re running are probably going to be standing room only.

Unfortunately, I miss the pre and post-con events (there are some drinks and free training being put on) but I’m keen to chat to people about what they’re seeing, what they’re working on, what I might be able to help with 🙂

You can register to attend here.

SANS DFIR Summit and Training

Lastly, I’ll be heading to Austin for the SANS DFIR Summit and Training conference.

The DFIR Summit is two days of fun in Austin, with a lot of great people getting together to talk about digital forensics; A lot of the SANS course authors attend, and there are some vendors to speak to as well. I’ve been a couple of times and have found it to be a great learning experience.

I’ll be presenting my research on the Google Home, covering the Home app, Home device, and associated cloud data – and yes there’s a Star Wars theme.

You can check out the agenda here; lots of great speakers, and I’m looking forward to hanging out with everyone again.

As soon as the Summit ends we’re straight into the training event, where SANS will be running the whole DF curriculum. I’ll be sitting in on FOR500, and if there are enough people I even get to be the teaching assistant. If you want to learn more about the 500 course then reach out.

One of the other things that I’ll hopefully get to participate in is the DFIR NetWars tournament. They’re doing something different this time; if a person (or team? It isn’t clear) completes all of the questions for one of the domains then they will receive the coin for that course. This is great because it means that even if you don’t walk away with the NetWars coin, you have the chance of walking away with something to showcase your achievement.

And after 4 weeks away I’ll be back home and back to work.

Looking forward to it!

One thought on “My DFIR Conference Tour

  1. […] Over on my ThinkDFIR site, I wrote a post about the DFIR conferences that I’ll be attending across May and June. If you’re over at any of them and want to catch up then reach out – a few people have already so should make for an exciting trip! My DFIR Conference Tour […]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s