Training Event Focuses on Digital Forensics

SANS Institute just announced it is bringing its most popular forensic courses together at one event with the introduction of the SANS Digital Forensics and Incident Response Training Event (DFIRCON). This all-forensic event will take place in Monterey, Cal., March 5–10. SANS will also debut two new forensic courses at the event, FOR572: Advanced Network Forensics and Analysis and FOR585: Advanced Smartphone Forensics.

This unique event brings SANS' top forensic experts together to offer attendees one of the industry's most comprehensive DFIR training experiences. Attendees also will have an opportunity to participate in SANS' recently launched NetWars DFIR Tournament and to attend a number of bonus evening seminars which will cover today's most pressing DFIR topics.

According to Phil Hagen, author of FOR572: Advanced Network Forensics and Analysis, "given the scale of today's enterprises and the growing number of devices used by employees, it is increasingly difficult to identify endpoints to examine during a forensic investigation. In many instances, the network has becomes its own medium for incident response and investigation. The ability to use evidence from all kinds of network devices as well as from captured network data itself is critical for successfully addressing threats today and tomorrow." FOR572 provides the tools and methods needed to conduct network investigations within environments of all sizes, using scenarios developed from real-world cases.

According to the co-author of FOR585: Advanced Smartphone Forensics, Heather Mahalik, "often, the smartphone is the only form of digital evidence relating to the investigation. Knowing how to recover all of the data residing on the smartphone is now an expectation in our field; therefore, examiners must understand the fundamentals of smartphone handling, data recovery, accessing locked devices, and manually recovering data hiding in the background on the device to be successful. FOR585 provides this knowledge for mobile device forensics experts of all levels."

DFIRCON will be held in Monterey, Cal., March 5–10, 2014. For more information, including panel and discussion overviews and a complete list of instructors, or to register for the event or one of the courses offered via simulcast, please visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (

Next >

Court Case Update

FINGERPRINT EVIDENCE went through a nearly three-year ordeal in the New Hampshire court system, but eventually emerged unscathed. On April 4, 2008, the New Hampshire Supreme Court unanimously reversed the decision of a lower court to exclude expert testimony regarding fingerprint evidence in the case of The State of New Hampshire v. Richard Langill. The case has been remanded back to the Rockingham County Superior Court.