Presentations

This page contains a list of our selected presentations, as well as other speaking engagements or appearances.

SANS Training Events

FOR572: Advanced Network Forensics and Analysis

  1. UPCOMING! SANS DFIR Summit 2019: July 27 – August 1, 2019; Austin, TX (with Simulcast)
  2. UPCOMING! Private event: August 5 – 10, 2019; Ft Walton Beach, FL
  3. UPCOMING! SANS Amsterdam August 2019: August 19 – 24, 2019; Amsterdam, Netherlands
  4. UPCOMING! SANS Network Security 2019: September 9 – 14, 2019; Las Vegas, NV
  5. UPCOMING! THIR Summit 2019: October 2 – 7, 2019; New Orleans, LA (with Simulcast)
  6. UPCOMING! SANS October Singapore 2019: October 14 – 19, 2019; Singapore, Singapore
  7. UPCOMING! SANS Paris November 2019: November 4 – 9, 2019; Paris, France
  8. UPCOMING! SANS Cyber Defense Initiative 2019: December 12 – 17, 2019; Washington, DC
  9. ANYTIME! SANS OnDemand

Previous Events:

  1. Private event: January 7 – 12, 2019; Ft Walton Beach, FL
  2. SANS Threat Hunting London 2019: January 14 – 19, 2019; London, England
  3. SANS Security East 2019: February 4 – 9, 2019; New Orleans, LA
  4. SANS Brussels February 2019: February 25 – March 2, 2019; Brussels, Belgium
  5. SANS St. Louis 2019: March 11 – 29, 2019; St. Louis, MO
  6. Private event: March 18 – 22, 2019; San Antonio, TX
  7. SANS 2019: April 1 – 6, 2019; Orlando, FL
  8. SANS Security West 2019: May 9 – 14, 2019; San Diego, CA
  9. SANS Zurich June 2019: June 3 – 8, 2019; Zurich, Switzerland
  10. SANSFIRE 2019: June 17 – 22; Washington, DC
  11. Private event: July 8 – 13, 2019; Ft Walton Beach, FL

Formal Presentations

US Cyber Challenge Camp: “Large-Scale Forensic Analysis with SOF-ELK® and the Elastic Stack”

  • Delaware Technical Community College: June 25, 2019; Dover, DE

The [Encrypted] Elephant in the Room

There is no arguing that the Internet is becoming both more widely and heavily encrypted. This has drastically changed (read: decreased) what traffic network forensicators and defenders can see and therefore use to perform their jobs. However, all hope is not lost. In this talk, we will first briefly explore some of what got us to this point, but more extensively discuss the current state of network traffic analysis in general and what we as an industry can do to overcome it. We will talk about legal, architectural, and technical means of maintaining meaningful visibility in a typical network environment, as well as how our analytic procedures can keep pace with the broader Internet trends.

The road ahead is still full of terabytes of NetFlow, logs, and yes – even full-packet-captures of network traffic. Encryption will remain a constantly evolving technology, meaning security professionals must also stay nimble in the face of this perpetual change.

“The Tap House”: This is a series of talks that focus on new and emerging topics in the Network Forensics arena. No two talks will be quite the same, so feel free to stop in and see what’s new if you’re attending a SANS or other event where we’re holding one.

Packets move pretty fast. The field of Network Forensics needs to move fast, too. Whether you are investigating a known incident, hunting unidentified adversaries in your environment, or enriching forensic findings from disk- and memory-based examinations, it’s critical to stay abreast of the latest developments in the discipline.

In this SANS @Night series, Phil Hagen will discuss some of the latest technologies, techniques, and tools that you will want to know in pursuit of forensication nirvana.

Phil is also an avid craft beer fan, so there’s a good chance you will learn something about a new notable national or interesting local beer in the process.

This presentation will be helpful for those that wish to keep up-to-date on the most cutting-edge facets of Network Forensics.

  • None scheduled at this time