This page contains a list of our selected presentations, as well as other speaking engagements or appearances.

SANS Training Events

FOR572: Advanced Network Forensics and Analysis

Previous Events:

  • Private event: January 22 – 27, 2018; Augusta, GA
  • SANS Southern California/Anaheim: February 12 – 17, 2018; Anaheim, CA (With Simulcast)
  • SANS London March: March 5 – 10, 2017; London, United Kingdom (Co-teach with David Szili)
  • SANS Northern VA Spring: March 19 – 24, 2018; McLean, VA (Co-teach with Matt Bromiley)
  • SANS 2018: April 3 – 8, 2018; Orlando; FL
  • SANS Seattle Spring: April 23 – 28, 2018; Bellvue, WA
  • Security West: May 11 – 16, 2018; San Diego, CA
  • SANS DFIR Summit: June 9 – 14, 2018; Austin, TX
  • SANS Oslo 2018: June 18 – 23, 2018; Oslo, Norway
  • Private event: July 9 – 14, 2018; Lansing, MI
  • SANSFIRE 2018: July 16 – 21, 2018; Washington, DC

Formal Presentations

“Convergence Forensics: Leveraging Multiple Skills to Analyze Evidence”

One discipline is not enough to solve investigations relating to digital evidence. In this Keynote, Phil will expand on scenarios where multiple skills are needed to hunt and uncover evidence. Network Forensics, Memory Forensics, Malware detection, Malware analysis and Data Synchronization between smartphones, Mac and Windows computers may change the way you need to look at your evidence. Simply having tunnel vision in your field will limit your success! A change in your approach may change your success rate when examining digital media.

  • SANS keynote at SANS Seattle: April 23, 2018; Bellevue, WA

What’s New in FOR572“: All SANS courses are updated regularly to ensure they include the latest investigative tools, techniques, and procedures, as well as reflect trends in attacker methodologies. In this webcast, Phil Hagen will discuss the latest updates in the course, as well as some exciting developments in the OnDemand delivery for the course. Well also discuss the corresponding Network Forensics poster, which was released coincident with the new course version.

  • SANS Webcast: April 10, 2018; Online (Archived version available at link)

The Tap House“: This is a series of talks that focus on new and emerging topics in the Network Forensics arena.  No two talks will be quite the same, so feel free to stop in and see what’s new if you’re attending a SANS or other event where we’re holding an event.

Packets move pretty fast. The field of Network Forensics needs to move fast, too. Whether you are investigating a known incident, hunting unidentified adversaries in your environment, or enriching forensic findings from disk- and memory-based examinations, it’s critical to stay abreast of the latest developments in the discipline.

In this SANS @Night series, Phil Hagen will discuss some of the latest technologies, techniques, and tools that you will want to know in pursuit of forensication nirvana.

Phil is also an avid craft beer fan, so there’s a good chance you will learn something about a new notable national or interesting local beer in the process.

This presentation will be helpful for those that wish to keep up-to-date on the most cutting-edge facets of Network Forensics.

  • SANS @Night (SANS DFIR Summit 2018): June 10 2015; Austin, TX