Training Event Focuses on Digital Forensics

SANS Institute just announced it is bringing its most popular forensic courses together at one event with the introduction of the SANS Digital Forensics and Incident Response Training Event (DFIRCON). This all-forensic event will take place in Monterey, Cal., March 5–10. SANS will also debut two new forensic courses at the event, FOR572: Advanced Network Forensics and Analysis and FOR585: Advanced Smartphone Forensics.

This unique event brings SANS' top forensic experts together to offer attendees one of the industry's most comprehensive DFIR training experiences. Attendees also will have an opportunity to participate in SANS' recently launched NetWars DFIR Tournament and to attend a number of bonus evening seminars which will cover today's most pressing DFIR topics.

According to Phil Hagen, author of FOR572: Advanced Network Forensics and Analysis, "given the scale of today's enterprises and the growing number of devices used by employees, it is increasingly difficult to identify endpoints to examine during a forensic investigation. In many instances, the network has becomes its own medium for incident response and investigation. The ability to use evidence from all kinds of network devices as well as from captured network data itself is critical for successfully addressing threats today and tomorrow." FOR572 provides the tools and methods needed to conduct network investigations within environments of all sizes, using scenarios developed from real-world cases.

According to the co-author of FOR585: Advanced Smartphone Forensics, Heather Mahalik, "often, the smartphone is the only form of digital evidence relating to the investigation. Knowing how to recover all of the data residing on the smartphone is now an expectation in our field; therefore, examiners must understand the fundamentals of smartphone handling, data recovery, accessing locked devices, and manually recovering data hiding in the background on the device to be successful. FOR585 provides this knowledge for mobile device forensics experts of all levels."

DFIRCON will be held in Monterey, Cal., March 5–10, 2014. For more information, including panel and discussion overviews and a complete list of instructors, or to register for the event or one of the courses offered via simulcast, please visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (

Next >

Forensic Podiatry (Part Two of Two)

THE DISCIPLINE of forensic podiatry—or, in other words, the examination of pedal evidence—has progressed significantly over the past ten years. It is no longer a question of “What can you do with a footprint?” but rather, “Who can we use to evaluate the footprint?” Cases involving pedal evidence, especially bloody footprints and issues of determining shoe sizing or fit issues compared to questioned footwear, have become more common over the past two or three years.