This page contains a list of our selected presentations, as well as other speaking engagements or appearances.

SANS Training Events

FOR572: Advanced Network Forensics and Analysis

  1. UPCOMING! Private Event: June 24-29, 2024 (Ft Walton Beach, FL)
  2. UPCOMING! SANSFIRE 2024: July 15-20, 2024 (Washington DC and SANS Live Online)
  3. UPCOMING! Network Security 2024: September 4-9, 2024 (Las Vegas, NV and SANS Live Online)
  4. UPCOMING! SANS DFIR Europe Summit & Training 2024: September 30-October 5, 2024 (Prague, Czechia and SANS Live Online)
  5. UPCOMING! SANS Rocky Mountain Fall 2024: October 21-26, 2024 (Denver, CO and SANS Live Online)
  6. UPCOMING! Private Event: October 28-November 2, 2024 (Ft Walton Beach, FL)
  7. ANYTIME! SANS OnDemand

Previous Events:

  1. SANS London January 2024: January 8-13, 2024 (London, UK and SANS Live Online)
  2. Private Event: February 5-10, 2024 (Ft Walton Beach, FL)
  3. SANS 2024: March 24-29, 2024 (Orlando, FL and SANS Live Online)
  4. SANS Baltimore Spring 2024: April 28-May 3, 2024 (Baltimore, MD and SANS Live Online)
  5. SANS Amsterdam May 2024: May 20-25, 2024 (Amsterdam, NL and SANS Live Online)

Formal Presentations

SOF-ELK®: A Free, Scalable Analysis Platform for Forensic, Incident Response, and Security Operations

There is no shortage of digital evidence, with many DFIR and Security Operations teams handling terabytes of log and network data per week. This amount of data presents unique challenges, and many tools are simply inadequate at such a large scale. Commercial platforms that are up to the task are often far out of budgetary reach for small- and medium-sized organizations.

The Elastic Stack, a big data storage and analysis platform, has become increasingly popular due to its scalability and open-source components. Countless investigative and security teams have incorporated Elastic into their toolkits, often realizing the significant level of effort required to customize and manage such a powerful tool. To overcome some of these hurdles, the SOF-ELK platform was created. SOF-ELK aims to be an appliance-like virtual machine that is preconfigured to ingest and parse several hundred different types of log entries, as well as NetFlow data. The intent is to provide analysts and investigators with a tool that leverages the power of the Elastic Stack with minimal setup time and effort. Originally a part of the SANS FOR572, Advanced Network Forensics & Threat Hunting course, SOF-ELK has been incorporated into additional SANS courses and is released as a free and open-source platform for the overall security community.

In this presentation, we explore SOF-ELK’s use cases, types of log data currently supported, as well as how to load data from live or archived sources. We will also show the various dashboards supplied with the VM and show how new features can be activated through the project’s GitHub repository.

Previous Events: