This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Securing Your Future in DFIR

Tuesday, April 21, 2020 at 3:30 PM EDT (2020-04-21 19:30:00 UTC)

Kathryn Hedley, Phill Moore, Jason Jordaan, Lee Whitfield

You can now attend the webcast using your mobile device!

Overview

One of the most popular questions posed in the field of DFIR is, "how do I get into the field?" While there is no sure-fire way of becoming a forensic investigator, there are several key steps that anyone can follow that will put them in good standing. Come join our panel of experts as they give their thoughts and answer your questions about how to best equip yourself to land your dream job.

Speaker Bios

Kathryn Hedley

Kathryn has been a digital forensic investigator since 2008. She has Bachelors and Masters degrees, multiple GIAC certifications and four tool-based certifications, including EnCase and X-Ways Forensics. Kathryn has worked for Khyrenz Ltd since 2016, as a digital forensic specialist and advisor.

Phill Moore

Phill has always focused on finding fulfillment through his work, which is why he abandoned his initial pursuit of a career as a business analyst to seek out something that really sparked his interest and felt worthwhile. A career in Digital Forensics and Incident Response (DFIR) was the perfect fit. Whether prosecuting an offender, stopping an attacker, or saving a business, Phill says that the impact his DFIR work has on people's lives makes it all feel worthwhile. And he has extended his footprint through his research and his work as a SANS instructor for FOR500: Windows Forensic Analysis. He writes a weekly blog called This Week in 4n6 that provides a roundup of news and updates about DFIR, and he produces a monthly podcast covering a selection of important recent articles. Phill also has a personal research blog documenting some of his DFIR research on topics such as Zone identifiers, examination documentation, and an introduction to mounting APFS volumes on MacOS. Phill's tools, including his GSERPent Google URL Parser and his Homespeak tool for interacting with Google Home devices, can be found on his Github page. He was nominated for the Forensic 4Cast "Blog of the Year" award in 2017 and 2018 and was selected to speak at the SANS DFIR Summit in 2018. In 2019, he was nominated for the Forensic 4Cast "Resource of the Year", "Podcast of the Year", and "Social Media Contributor of the Year".

Jason Jordaan

Jason is passionate forensicator, who has been practicing digital forensics since 1998 in both the law enforcement and private sectors. He has testified on several occasion in the South African High Court as an expert witness. He is the founder and managing director of DFIRLABS, an independent, private digital forensics and incident response laboratory. Jason has also been involved in training, lecturing, and mentoring in the field of digital forensics since 2010. Besides his training for SANS, he currently teaches the digital forensics and incident response class at Rhodes University in South Africa for their Masters Degree in Information Security. He is also an active researcher and writer and has been published in several textbooks and academic journals. Jason has a Masters degree in Computer Science (Cum Laude), a Masters degree in Forensic Investigation, an Honors degree in Information Systems, a Bachelors degree in Criminal Justice Computer Science, and a Bachelors degree in Policing. He holds the CFCE, GCFE, and CFE certifications.

Lee Whitfield

Lee began his digital forensics career in 2006, when a neighbor told him about the field. Lee was hooked. Immediately, he started reviewing books, software and taking classes to build up his skills. He soon had the knowledge and skill to become a digital forensic investigator in both in the United States and United Kingdom. Today, Lee is a digital forensic consultant and analyst for his own company, 337 Forensics. Lee has covered a wide array of situations during his time as a forensic investigator, everything from child abuse, intellectual property theft, attempted murder, and much more. One of his greatest successes was his work on reverse engineering Volume Shadow Copies, which had been a stumbling block for forensic investigators. Due to Lee's work and innovation, access and time to locate files was greatly reduced, essentially allowing a forensic investigator to view the computer's contents from days, weeks, or even months before, including old or deleted files. Lee also serves as a Senior Technical Adviser for the SANS Research and Operation Center, helping in the Lab Validation process. He also hosts the Forensic 4:cast Awards event at the SANS DFIR Summit each year.