What are DFIR Bytes?
DFIR Bytes are digital forensics and incident response case simulations that provide a real-world investigative experience. Participants will work through guided case scenarios, using cutting-edge forensic tools and methodologies to analyze digital evidence, recover artifacts, and uncover hidden threats.
DFIR Bytes are not Capture the Flag (CTF) challenges, workshops, or competition sessions—they are fully immersive case-solving experiences that combine interactive problem-solving with instructor guidance. These case simulations will take you through a real-world incident from beginning to end, in a step-by-step environment, ensuring that both newcomers and experienced professionals learn, engage, and refine their investigative techniques.
What Sets DFIR Bytes Apart?
✔ Real-World DFIR Case Simulations – Solve cases derived from actual DFIR investigations, covering ransomware, cloud forensics, malware analysis, network intrusions and more.
✔ Interactive Learning – Work through key forensic techniques with expert guidance, understanding not just the "what" but the "why" and "how" behind investigative decisions.
✔ Skill Sharpening – Gain end-to-end case-solving skills that you can immediately apply in your real-world investigations.
Session Information
Session Title:
Uncovering the Mystery of the Discovered USB Stick
Session Overview:
A mysterious USB stick has been found in a car park, and it’s up to you to uncover the secrets it holds. Over two nights, participants will dive into the fundamentals of digital forensics, following a step-by-step guided investigation.
You will learn how to:
- Process and analyze a forensic image using a variety of free tools
- Parse data and metadata
- Recognize and recover deleted data
- Locate and analyze key artifacts used by attackers
This hands-on case simulation will teach you practical, job-ready skills, leveraging modern forensic techniques to solve a real-world DFIR case investigation.
Location:
Manchester Grand Hyatt, 1 Market Place, San Diego, CA 92101
A Two-Day Experience:
Thursday, May 8 & Friday, May 9 | 6:00pm – 8:30pm Pacific Time (UTC -5)
Time(s):
6:00-6:30pm: Welcome Reception both nights
6:30-8:30pm: DFIR Bytes Challenge
Who Should Attend?
- DFIR Professionals looking to enhance hands-on forensic skills
- Incident Responders & Threat Hunters interested in real-world investigative techniques
- SOC Analysts, Security Engineers, and IT Professionals who deal with digital evidence
- Anyone looking to sharpen their investigative expertise with guidance from SANS instructors
Pre-Requisites
This session is open to DFIR beginners, those looking to enter DFIR, and seasoned practitioners seeking to sharpen their skills. A laptop computer is required to participate in the hands-on case simulation.
Please make sure your computer meets the system requirements found here: DFIR Bytes System Requirements
Don’t miss your chance to be part of the first-ever DFIR Bytes Case Simulation! Seats are limited, so register now to secure your spot.