What are DFIR Bytes?
DFIR Bytes are digital forensics and incident response case simulations that provide a real-world investigative experience. Participants will work through guided case scenarios, using cutting-edge forensic tools and methodologies to analyze digital evidence, recover artifacts, and uncover hidden threats.
DFIR Bytes are NOT Capture the Flag (CTF) challenges, workshops, or competition sessions—they are fully immersive case-solving experiences that combine interactive problem-solving with instructor guidance. These case simulations take you step by step through real-world incidents, ensuring that both newcomers and experienced professionals learn, engage, and refine their investigative techniques.
Free to the Community & Open to All Experience Levels!
What Sets DFIR Bytes Apart?
✔ Real-World DFIR Case Simulations – Solve cases derived from actual DFIR investigations, covering ransomware, cloud forensics, malware analysis, network intrusions and more.
✔ Interactive Learning – Work through key forensic techniques with expert guidance, understanding not just the "what" but the "why" and "how" behind investigative decisions.
✔ Skill Sharpening – Gain end-to-end case-solving skills that you can immediately apply in your real-world investigations.
Who Should Attend?
- DFIR Professionals looking to enhance hands-on forensic skills
- Incident Responders & Threat Hunters interested in real-world investigative techniques
- SOC Analysts, Security Engineers, and IT Professionals who deal with digital evidence
- Anyone looking to sharpen their investigative expertise with guidance from SANS instructors
Pre-Requisites
This session is open to DFIR beginners, those looking to enter DFIR, and seasoned practitioners seeking to sharpen their skills. A laptop computer is required to participate in the hands-on case simulation.
Please make sure your computer meets the system requirements found here: DFIR Bytes System Requirements