Monday, July 2, 2012

DFIR SUMMIT 2012: A Look Back


     Last week was the SANS Digital Forensics and Incident Response Summit in Austin, Texas.  I have to say the summit was probably my favorite conference experience I have had thus far.  It was a great mix of networking and content.  Your days are filled with spectacular information and you are still provided with a lot of opportunity to meet new people and discuss.  Plus, if you're active in the #DFIR Twitter space, then it was an excellent opportunity to actually meet many of the people who use it.  I would highly suggest that you attend the summit, if you have the ability.  I hope to be back in the coming years.

     As I mentioned, days at the summit are filled with a lot of great content from the speakers at the conference.  I have to say my favorite presentation, personally, was When Macs Get Hacked from Sarah Edwards.  This was simply because it was something I have yet to really see or research and provided a great baseline of knowledge on where to look for information and various tools to utilize.  This presentation went very well with Andrew Case's talk on Mac Memory Analysis with Volatility.

     Nick Harbour gave an EXCELLENT talk on Anti-Incident Response that I really enjoyed a lot.  His talk was pretty technical and provided a lot of insight into the mind of an attacker.  Jeff Hamm's presentation on Carve for Records Not Files provided a lot of good information that should be considered in an investigation.  Event records very well may be much easier to carve for than an entire event log file.  Where a file is likely to miss all the information, carving for a fragment of that information is a lot simpler and may be just as useful.

     Cindy Murphy, this year's Forensic 4Cast Examiner of the Year, gave an amazing keynote to open the summit.  I thought it was very interesting and insightful.  If nothing else, I think a lot of people left the talk inspired and proud to be a part of this community.  Mike Viscuso's ending talk on Security Cameras - The Corporate DFIR Tool of the Future was also very interesting and, at least personally, gave me a lot to think about regarding the future of investigations and what that brings with big data.

     This is just a small sample of what the Summit offered; after all, there were two tracks going the whole time (I couldn't make it to everything).  The presentations are already posted on the SANS website here:  http://computer-forensics.sans.org/community/summits.  I highly recommend that you go through and take a look for yourself.  I really enjoyed the Summit.  Meeting everyone was awesome, and it was nice to be around people that share the same passion (it's reinvigorating).