Presentations

This page contains a list of our selected presentations, as well as other speaking engagements or appearances.

SANS Training Events

FOR572: Advanced Network Forensics and Analysis

  1. UPCOMING! SANS Baltimore Spring 2024: April 28-May 3, 2024 (Baltimore MD and SANS Live Online)
  2. UPCOMING! SANS Amsterdam May 2024: May 20-25, 2024 (Amsterdam, NL and SANS Live Online)
  3. UPCOMING! Private Event: June 24-29, 2024 (Ft Walton Beach, FL)
  4. UPCOMING! SANSFIRE 2024: July 15-20, 2024 (Washington DC and SANS Live Online)
  5. UPCOMING! SANS DFIR Summit & Training 2024: August 24-29, 2024 (Salt Lake City, UT and SANS Live Online)
  6. UPCOMING! Network Security 2024: September 4-9, 2024 (Las Vegas, NV and SANS Live Online)
  7. ANYTIME! SANS OnDemand

Previous Events:

  1. SANS Amsterdam: January 23-28, 2023 (Amsterdam, NL and SANS Live Online)
  2. Private Event: February 13-18, 2023 (SANS Live Online)
  3. Private Event: March 6-10, 2023 (Augusta, GA)
  4. SANS Baltimore Spring 2023: March 13-18, 2023 (Baltimore, MD and SANS Live Online)
  5. SANS 2023: April 2-7, 2023 (Orlando, FL and SANS Live Online
  6. Private Event: May 8-12, 2023 (SANS Live Online)
  7. SANS Paris June 2023: June 12-17, 2023 (Paris, France and SANS Live Online)
  8. SANS Cyber Defence Singapore 2023: July 3-8, 2023 (Singapore and SANS Live Online
  9. SANS DFIR Summit & Training 2023: August 5-10, 2023 (Austin, TX and SANS Live Online)
  10. SANS Network Security 2023: September 6-11, 2023 (Las Vegas, NV and SANS Live Online)
  11. Private Event: October 2-6, 2023 (SANS Live Online)
  12. SANS London November 2023: November 6-11, 2023 (London, UK and SANS Live Online)
  13. Private Event: December 11-16, 2023 (Ft Walton Beach, FL)
  14. SANS London January 2024: January 8-13, 2024 (London, UK and SANS Live Online)
  15. Private Event: February 5-10, 2024 (Ft Walton Beach, FL)
  16. SANS 2024: March 24-29, 2024 (Orlando, FL and SANS Live Online)

Formal Presentations

SOF-ELK®: A Free, Scalable Analysis Platform for Forensic, Incident Response, and Security Operations

There is no shortage of digital evidence, with many DFIR and Security Operations teams handling terabytes of log and network data per week. This amount of data presents unique challenges, and many tools are simply inadequate at such a large scale. Commercial platforms that are up to the task are often far out of budgetary reach for small- and medium-sized organizations.

The Elastic Stack, a big data storage and analysis platform, has become increasingly popular due to its scalability and open-source components. Countless investigative and security teams have incorporated Elastic into their toolkits, often realizing the significant level of effort required to customize and manage such a powerful tool. To overcome some of these hurdles, the SOF-ELK platform was created. SOF-ELK aims to be an appliance-like virtual machine that is preconfigured to ingest and parse several hundred different types of log entries, as well as NetFlow data. The intent is to provide analysts and investigators with a tool that leverages the power of the Elastic Stack with minimal setup time and effort. Originally a part of the SANS FOR572, Advanced Network Forensics & Threat Hunting course, SOF-ELK has been incorporated into additional SANS courses and is released as a free and open-source platform for the overall security community.

In this presentation, we explore SOF-ELK’s use cases, types of log data currently supported, as well as how to load data from live or archived sources. We will also show the various dashboards supplied with the VM and show how new features can be activated through the project’s GitHub repository.

Previous Events: