DFIR Summit 2016: Plumbing the Depths - Windows Registry Internals
Plumbing the Depths: ShellBags - SANS DFIR SUMMIT
Open-Source DFIR Made Easy: The Setup - SANS Digital Forensics & Incident Response Summit 2017
Determining Files and Folders Accessed in OS X - SANS DFIR Summit 2015
Rocking your Windows EventID with ELK Stack - SANS DFIR Summit 2016
Using Endpoint Telemetry to Accelerate the Baseline - SANS DFIR Summit 2016
DFIR Summit 2016: Incident Detection and Hunting at Scale: An Introduction to Osquery
Who Watches the Smart Watches? - SANS DFIR Summit 2016
Trust but Verify: Why, When and How - SANS DFIR Summit 2016
The Cider Press: Extracting Forensic Artifacts from Apple Continuity - SANS DFIR Summit 2017
SANS DFIR Webcast - Detecting Evil on Windows Systems - An In Depth Look at the DFIR Poster
iOS of Sauron: How iOS Tracks Everything You Do- SANS DFIR Summit 2016
MIG: Mozilla’s Distributed Platform for Real-Time Forensics of Endpoints - SANS DFIR Summit 2015
SANS DFIR Webcast | Hands on USN Journal Analysis
Did I do that? - Understanding action & artifacts w/ Matthew Seyer & David Cowen - SANS DFIR Summit
A Technical Autopsy of the Apple - FBI Debate using iPhone forensics | SANS DFIR Webcast
AmCache Investigation - SANS Digital Forensics & Incident Response Summit 2019
Need for Speed: Malware Edition - SANS DFIR SUMMIT
Windows Live Forensics
DNS queries - Walk Softly and Carry 26 Trillion Sticks - DFIR Summit 2015
