We are thrilled that you joined us at the SANS DFIR Summit! Here are some of the top resources you can use immediately to not only grow your skills, but also connect with the DFIR Community and get a tip or two from your peers:
DFIR Resources
- Posters & Cheat Sheets
- DFIR Blog: Latest blogs written by SANS DFIR faculty
- Whitepapers: Latest papers from SANS DFIR faculty
- DFIR YouTube Channel: Watch webcasts, past DFIR Summit talks and more
- NEW!: 3MinMax series with Kevin Ripa: Daily 3-minute video series about different forensic topics
DFIR Tools
- SIFT® - A digital forensics and incident response-based Linux distribution bundling most open-source DFIR tools available.
- REMnux® - A free Linux toolkit for assisting malware analysts with reverse-engineering malicious software.
- EZTools - Cutting-edge open-source windows based digital forensics tool suite for scalable, scriptable, fast forensics.
- SOF-ELK® - "Big data analytics" platform composed of Elastic stack, logstash, Kibana (ELK) to make large scale analysis easier.
- APOLLO - Apple Pattern of Life Lazy Output'er (APOLLO) extracts and correlates usage data from Apple devices.
- KAPE - Rapid Triage Forensic Artifact Acquisition and Processing Tool.
- Hunting Maturity Model - Threat Hunting Evaluation Model.
DFIR Community Programs and Lists
- SANS DFIR Discussion List - A forum to ask questions related to DFIR.
- Law Enforcement Officer Appreciation Program - Supporting the NA State and Local community with 50% off training.
Free Training
- Test Drive SANS DFIR Courses - If you are new to SANS or unsure of the subject area or skill level to select for your next DFIR training course, SANS offers free one-hour course previews via our OnDemand platform.
- Tech Tuesday Workshops - Hands-on virtual environments that give you the opportunity to dive into course material.
- For more resources and for over 150 free tools from our faculty, visit www.sans.org/free.
Too much content and don't not know where to start? Read this blog that has a compilation of the most popular SANS DFIR resources!
Retake Courses at 50%
SANS DFIR courses go through major updates several times per year and knowing that some of you are part of the alumni family, we’d like to invite you to retake a course for 50% off at the DFIR Summit. *Please note the 50% retake is offered for all SANS modalities.
Here is how to register:
- Login to your SANS account with the email address you previously used to attend the course.
- Select which modality/event you want to re-take the course (Live Online or OnDemand).
- Register and enter “alumni” in the reg code box under payment If your portal account email address has changed since you took the last course, please reach out to registration@sans.org with the information you have on the previous course.
We look forward to seeing you at DFIR Summit and follow us on Twitter @sansforensics for the most up-to-date information.
