← All talks
Topic

DFIR talks at BSides

229 talks tagged DFIR from 72 chapters of BSides events worldwide.

Related topics
BlueCase Studies and Incidents AnalysisTechnicalTalkIntermediaryWar Stories
49:41
Open Source Malware Lab
Robert Simmons
BSides London · 2016
TechnicalDFIRDetection EngineeringMalware AnalysisIntermediaryBlueTechnical Deep-divesTalk
Open →2016-07
54:05
The Road to Hell is Paved with Bad Passwords
Chris Kubecka
BSides Las Vegas · 2019
War StoriesDFIRThreat IntelCase Studies and Incidents AnalysisTalk
Open →2019-10
27:37
PowerShell-Fu — Hunting on the Endpoint
Chris Gerritz
BSides Las Vegas · 2016
TechnicalDFIRMalware AnalysisThreat IntelBlueTechnical Deep-divesTalk
Open →2016-08
41:15
OSTrICa – Open Source Threat Intelligence Collector
Roberto Sponchioni
BSides London · 2016
TechnicalDFIRThreat IntelToolingDemoTalk
Open →2016-07
41:25
Command-Line Obfuscation: You Can Run, _and_ You Can Hide
Wietze Beukema
BSides Dublin · 2024
TechnicalDFIRDetection EngineeringTalk
Open →2024-06
2:08:11
Windows Forensics Workshop
Ali Hadi
BSides Amman · 2021
TechnicalDFIRIntermediaryWorkshop
Open →2021-07
51:37
Security Onion: Peeling Back the Layers of Your Network in Minutes
Doug Burks
BSides Augusta · 2013
TechnicalToolingDFIRDetection EngineeringNetwork SecurityBlueDemoTalk
Open →2013-09
1:05:41
Hunting for Credential Dumping Attacks in Modern Windows Environments
Andrew Case
BSides Philly · 2023
TechnicalActive DirectoryDFIRMalware AnalysisBlueTalk
Open →2024-01
44:35
Anti-forensics Techniques Used By Threat Actors In The Wild
Hela Lucas
BSides London · 2024
TechnicalDFIRMalware AnalysisBlueCase Studies and Incidents AnalysisTalk
Open →2024-02
51:34
Let's Get Cooking with CyberChef
Marcelle Lee
BSides Charm · 2022
TechnicalDFIRMalware AnalysisThreat IntelTalk
Open →2022-07
38:26
The Woman Who Squashed Terrorists When an Embassy Gets Hacked
Chris Kubeka
BSides Cape Town · 2019
War StoriesDFIRThreat IntelBlueCase Studies and Incidents AnalysisKeynote
Open →2019-12
42:44
Threat Hunting On Linux And Mac With Auditbeat System Module
Aaron Jewitt
BSides Luxembourg · 2019
TechnicalDFIRDetection EngineeringBlueTalk
Open →2019-11
29:48
Kevin Breen: RATs and IOC's - The Easy Way
Kevin Breen
BSides London · 2014
TechnicalDFIRMalware AnalysisThreat IntelTalk
Open →2014-05
55:21
IoT 4n6: The Growing Impact of the Internet of Things on Digital Forensics
Jessica Hyde
BSidesROC · 2018
TechnicalDFIRIoTTalk
Open →2018-08
56:31
Using JA3: Asking for a Friend?
Justin WarnerEd Miles
BSides DC · 2019
TechnicalCryptographyDFIRDetection EngineeringNetwork SecurityBlueRedTalk
Open →2019-11
36:18
Macabre Stories of a Hacker in the Public Health Sector (Chile)
Philippe Delteil
BSides Cape Town · 2019
War StoriesDFIRPrivacyVulnerability ResearchBlueCase Studies and Incidents AnalysisTalk
Open →2019-12
24:45
Honeydocs and Offensive Countermeasures
Roy Firestein
BSides Toronto · 2014
TechnicalDFIRThreat IntelBlueDemoTalk
Open →2014-12
45:56
Flash Memory, NAND, ECC, Oh My! Practical Techniques for Acquiring and Processing Raw NAND Images
Jake Valletta
BSides Charleston · 2022
TechnicalDFIRHardware HackingIoTReverse EngineeringTechnical Deep-divesTalk
Open →2023-01
30:07
GSuite Digital Forensics and Incident Response
Megan Roddie
BSides SATX · 2018
TechnicalCloud IAMDFIRIntermediaryBlueCase Studies and Incidents AnalysisTalk
Open →2018-07
46:36
Incident Management with PowerShell
Matt Johnson
BSides Detroit · 2013
TechnicalDFIRBlueTalk
Open →2013-06
27:24
Cold Case — Catch a Killer in 16 Bytes
Iggy
BSides Canberra · 2021
TechnicalWar StoriesDFIRHardware HackingReverse EngineeringAdvancedCase Studies and Incidents AnalysisTechnical Deep-dives+1
Open →2021-04
37:51
Building an Effective Intrusion Detection Program
Jason Craig
BSidesSF · 2017
TechnicalDFIRDetection EngineeringThreat IntelBlueTalk
Open →2017-03
31:32
Maersk: The Ransomware Survivors
Endrin Musa
BSides Prishtina · 2017
TechnicalDFIRMalware AnalysisSupply Chain SecurityIntermediaryCase Studies and Incidents AnalysisTalk
Open →2023-05
33:40
Quick And Easy Forensic Timelines Via Sysmon, WEF, And ELK
Aaron Jewitt
BSides Munich · 2019
TechnicalDFIRDetection EngineeringBlueTalk
Open →2019-03
22:40
Pensieve: Finding Malicious Artifacts in Container Environments
Yathi Naik
BSidesSF · 2018
TechnicalContainer SecurityDFIRMalware AnalysisIntermediaryBlueTechnical Deep-divesTalk
Open →2018-04
28:47
Learning from AWS Customer Security Breaches
Rami McCarthy
Bsides CT · 2020
TechnicalCloud IAMDFIRIntermediaryCase Studies and Incidents AnalysisTalk
Open →2020-11
50:28
Estonian Electronic Identity Card and its Security Challenges
Arnis Paršovs
BSides Tallinn · 2021
ResearchCryptographyDFIRAdvancedCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2021-10
47:19
The Dangers of Working in Cyber Security
Simon Whittaker
BSides Belfast · 2017
War StoriesCareer & Soft SkillsDFIRThreat IntelCase Studies and Incidents AnalysisTalk
Open →2017-10
40:43
Digital Forensics: The Missing Piece of Internet of Things Promise
Ali Dehghantanha
BSides Manchester · 2017
ResearchDFIRIoTTalk
Open →2017-08
20:25
Leveraging Osquery for DFIR at Scale
Sohini Mukherjee
BSidesSF · 2020
TechnicalDFIRDetection EngineeringIntermediaryTalk
Open →2020-03
29:14
Alex Kirk - Incident response and threat hunting using Bro/Zeek data
Alex Kirk
BSides Augusta · 2019
TechnicalDFIRDetection EngineeringThreat IntelIntermediaryBlueCase Studies and Incidents AnalysisTechnical Deep-dives+1
Open →2019-10
30:15
Incident Response Evidence Collection & Triage
John Meyers
BSides Peru · 2017
TechnicalDFIRMalware AnalysisBlueDemoTalk
Open →2017-06
26:00
Exposed Secrets — How Public Git Repositories and Docker Images Expose Millions of Secrets
Mackenzie Jackson
BSidesSF · 2022
ResearchDFIRSupply Chain SecurityThreat IntelCase Studies and Incidents AnalysisEmpirical ResearchTalk
Open →2022-07
41:24
BSides Perth Day 1 (Part 2)
BSides Perth · 2021
TechnicalDFIRDetection EngineeringMalware AnalysisTalk
Open →2021-09
51:56
Unbreaking the iPhone: Bootchain Reversal, SEP Sabotage, and the iOS Kernel Frontier
Jack Sessions
BSides Canberra · 2025
TechnicalDFIRMobile SecurityReverse EngineeringAdvancedRedTechnical Deep-divesDemo
Open →2025-11
45:13
Analyzing volatile memory on a Google Kubernetes Engine node
Marcus Hallberg
BSides NYC · 2023
TechnicalCloud IAMContainer SecurityDFIRDemoTalk
Open →2023-06
8:26:49
Thinking Outside the SOC: Structured Analytical Techniques for the Overloaded Cyber Analyst
Haley BeamAlina Thai
BSides Las Vegas · 2025
TechnicalDFIRDetection EngineeringThreat IntelTalk
Open →2025-08
37:47
Don't Google 'PowerShell Hunting'
Josh RykowskiSean Eyre
BSides Augusta · 2017
TechnicalDFIRDetection EngineeringMalware AnalysisTalk
Open →2017-09
58:14
Velociraptor: Digging Deeper
Michael Cohen
BSides Sydney · 2019
TechnicalDFIRThreat IntelBlueDemoTalk
Open →2019-09
36:38
Forensics Impossible: Self-Destructing Thumb Drives
Brandon Wilson
BSides Knoxville · 2016
TechnicalDFIRHardware HackingReverse EngineeringAdvancedRedTalk
Open →2016-06
38:25
Matriux Leandros: An Open Source Penetration Testing and Forensic Distribution
Prajwal Panchmahalkar
BSides Las Vegas · 2013
TechnicalDFIRToolingTalk
Open →2017-01
1:00:10
Threat Hunting In Practice - Michael-Angelo Zummo
Michael-Angelo Zummo
BSides KC · 2022
TechnicalDFIRThreat IntelBlueTalk
Open →2022-10
44:37
Malware Analysis for the Masses
Shawn Thomas
BSides Charm · 2022
TechnicalDFIRMalware AnalysisIntroBlueDemoTalk
Open →2022-07
38:01
Living on the Edge: Evicting Threat Actors from Perimeter Appliances
Evgen BlohmMarius Genheimer
BSides Frankfurt · 2025
TechnicalDFIRNetwork SecurityVulnerability ResearchAdvancedBlueCase Studies and Incidents AnalysisTechnical Deep-dives+1
Open →2025-12
43:12
Tracking Malicious Logon: Visualize and Analyze Active Directory Event Logs
Shusei TomonagaTomoaki Tani
BSides Las Vegas · 2018
TechnicalActive DirectoryDFIRThreat IntelBlueTalk
Open →2018-09
51:16
Rosetta 2: Keeping Mac Malware Alive for Years to Come
Raphaela MettigCharles Glass
BSides Dallas/Fort Worth · 2022
ResearchTechnicalDFIRMalware AnalysisReverse EngineeringAdvancedEmpirical ResearchTechnical Deep-dives+1
Open →2022-11
20:58
Modifying WhatsApp Messages
Yuri Livshitz
BSides TLV · 2021
TechnicalDFIRMobile SecurityTechnical Deep-divesDemo
Open →2021-08
32:39
Unpacking Impacket: Detect remote execution of offensive tools
Tyler Bohlmann
BSides SLC · 2022
TechnicalActive DirectoryDFIRDetection EngineeringBlueTalk
Open →2023-01
33:46
Is the Power Grid a Huge Cybersecurity Risk?
Vivek Ponnada
BSides Vancouver · 2021
TechnicalCritical InfrastructureDFIRNetwork SecurityTalk
Open →2021-06
27:32
Behind the Curtain of Dark Web and Cybercrime Operations
Alexander Wilczek
BSides Canberra · 2025
ResearchTechnicalCryptographyDFIRThreat IntelTalk
Open →2025-12
29:00
Unraveling the Russian Snake: Turla
BSides Dallas/Fort Worth · 2022
TechnicalDFIRMalware AnalysisThreat IntelBlueCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2022-11
59:08
Closed For Business: Taking Down Darknet Markets
John Shier
BSides Cymru Wales · 2019
TechnicalDFIROSINTThreat IntelTalk
Open →2019-10
52:06
No Disassembly Required
Brian Satira
BSides Peru · 2018
TechnicalDFIRMalware AnalysisReverse EngineeringBlueTalk
Open →2018-06
18:48
Think You're Stealthy? How to Detect Attacks in AD
Rachit AroraSai Sathvik RuppaAakash Raman
BSides Charm · 2025
TechnicalActive DirectoryDFIRDetection EngineeringIntermediaryBlueTalk
Open →2025-05
58:25
Characteristics of Emotet Infections
Brad Duncan
BSides Augusta · 2022
TechnicalDFIRMalware AnalysisThreat IntelCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2022-10
47:45
Windows 10 DFIR and InfoSec Challenges
Andrew Case
BSides Las Vegas · 2019
TechnicalDFIRMalware AnalysisBlueTechnical Deep-divesTalk
Open →2019-10
55:44
Fernando Tomlinson - Gaining 20/20 vision during an incident with PowerShell
Fernando Tomlinson
BSides Augusta · 2019
TechnicalDFIRDetection EngineeringMalware AnalysisBlueTalk
Open →2019-10
39:38
10 Things I Wish Every CISO Knew Before an Incident: A View from the IR Trenches
Patterson Cake
BSides Knoxville · 2023
TechnicalDFIRGRCTalk
Open →2023-05
25:56
How to take cookies from the Cookie Monster: Genesis Market Takedown
John Fokker
BSides TLV · 2023
War StoriesDFIRMalware AnalysisThreat IntelBlueCase Studies and Incidents AnalysisTalk
Open →2023-07
1:27:23
Analyzing Maldocs: Macro-soft Edition
Syed Hasan
BSides Pakistan · 2021
TechnicalDFIRMalware AnalysisReverse EngineeringBlueTalk
Open →2021-11
23:03
The Little Phone That Could Ch-ch-chroot
Mathew EvansJack Whitter-Jones
BSides London · 2019
TechnicalDFIRMobile SecurityThreat ModelingAdvancedRedTalk
Open →2019-06
57:51
Will Schroeder & Max Harley - Meet Your Nemesis: Fighting Data With Data
Will SchroederMax Harley
BSides Augusta · 2023
TechnicalDFIRThreat IntelAdvancedRedTalk
Open →2023-10
23:23
Why should I care about my Metadata?
Conor Aitken
BSides Perth · 2023
TechnicalDFIRThreat IntelTalk
Open →2023-08
45:12
Choose Your Own Adventure: Group Interactive IR Scenario
Bryson Bort
BSides Tampa · 2024
TechnicalDFIRThreat IntelIntroBlueWorkshop
Open →2024-04
16:07
Disabling Drones: Disruption and Forensic Data Analysis
Paavai Aram
BSides London · 2025
TechnicalDFIRVulnerability ResearchWireless SecurityRedCase Studies and Incidents AnalysisTechnical Deep-divesDemo+1
Open →2025-02
50:01
Grapl — A Graph Platform for Detection and Response
Colin O'Brien
BSides Las Vegas · 2019
TechnicalDFIRDetection EngineeringThreat IntelBlueTalk
Open →2019-10
29:07
SOC Analyst's Arsenal: Essential Tools, Tips & Tricks For Effective Investigations
Samuel Kavaler
BSides Munich · 2023
TechnicalDFIRDetection EngineeringToolingIntermediaryBlueTalk
Open →2023-10
38:30
Maximising the Impact of OSINT in Investigations
Ruth McAlister
BSides Belfast · 2023
ResearchTechnicalDFIROSINTThreat IntelCase Studies and Incidents AnalysisEmpirical ResearchTalk
Open →2023-11
49:49
Closing the Visibility Gap: Threat Hunting with Hawk in the Microsoft Cloud
Jonathan ButlerLorenzoPaul Navarro
BSides Charm · 2025
TechnicalToolingCloud IAMDFIRDetection EngineeringBlueDemoTalk
Open →2025-05
24:20
Google Workspace Forensics – Insights from Real-World Hunts & IR
Ariel SzarfDoron Karmi
BSides TLV · 2023
TechnicalCloud IAMDFIRCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2023-07
29:35
From Hours To Minutes: Automating Incident Response Triage With Open-Source Tools
Markus Einarsson
BSides Munich · 2025
TechnicalDFIRDetection EngineeringThreat IntelBlueTalk
Open →2026-02
27:21
Blue Team Keynote by Lisa Forte
Lisa Forte
BSides Leeds · 2023
TechnicalDFIRThreat IntelBlueKeynote
Open →2023-07
34:13
From Panic To Protocol: Digital Forensics & Incident Response
Rory Wagner
BSides Leeds
TechnicalDFIRIntroBlueTalk
Open →2024-08
20:27
Georgios Karantzas - It's Duck Season: Forensic Detection of BadUsb Attacks
Georgios Karantzas
BSides TLV · 2023
TechnicalDFIRDetection EngineeringHardware HackingTalk
Open →2023-07
55:01
Intel AMT: Using & Abusing the Ghost in the Machine
Parth Shukla
BSides Lisbon · 2017
TechnicalDFIRHardware HackingAdvancedTalk
Open →2017-11
38:29
We Take Your Security Seriously (Or Do We?) — The Beer Farmers
BSides Scotland · 2019
CommunityWar StoriesDFIRPrivacyThreat IntelIntroCase Studies and Incidents AnalysisTalk
Open →2019-04
53:27
Unparalleled Remote Desktop Monitoring: Revealing Attackers' Tradecraft
Olivier BilodeauAdrian Beron
BSides Augusta · 2023
ResearchDFIRMalware AnalysisNetwork SecurityThreat IntelBlueCase Studies and Incidents AnalysisEmpirical Research+1
Open →2023-10
40:07
Navigating the Shadows: KYC, AML, and Cyber Threat Intelligence
Jonathan Gonzalez
BSides SATX · 2024
TechnicalDFIRThreat IntelTalk
Open →2024-06
36:05
Not BigData, AnyData
Martin Holste
BSides Augusta · 2013
TechnicalDFIRDetection EngineeringThreat IntelIntermediaryBlueTalk
Open →2013-09
29:09
DFIR in 2022: The Wild Wild East
Jack RutherfordRichard Grainger
BSides Sydney · 2022
TechnicalDFIRMalware AnalysisThreat IntelBlueCase Studies and Incidents AnalysisTalk
Open →2023-03
53:55
The Evolution of Cyber Security and What to Expect Next
Eric Eifert
BSides Athens · 2026
CareerDFIRThreat IntelCase Studies and Incidents AnalysisKeynote
Open →2024-03
49:09
Rastrea2r: Multi-Platform Threat Hunting and Incident Response
Sudheendra S Bhat
BSides PDX · 2018
TechnicalDFIRThreat IntelTalk
Open →2019-02
45:20
SocVel Live: Command The Breach
Jaco Swanepoel
BSides Joburg
TechnicalDFIRDetection EngineeringThreat IntelBlueWorkshop
Open →2025-09
16:59
DanderSpritz: A case study in Nation State Post-Exploitation Framework Capabilities & Defense Strategies
Francisco Donoso
BSides KC · 2018
TechnicalDFIRMalware AnalysisThreat IntelAdvancedRedCase Studies and Incidents AnalysisTechnical Deep-dives+1
Open →2018-06
24:10
Digital Forensics: Myths, Legends and Reality
Lauren Spokes
BSides Newcastle · 2025
TechnicalWar StoriesDFIRBlueCase Studies and Incidents AnalysisTalk
Open →2025-01
26:06
DarkEngine: Conducting Research into a Highly Orchestrated Phishing Campaign
Liam Wilkinson
BSides Canberra · 2025
ResearchDFIRMalware AnalysisSocial EngineeringThreat IntelCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2025-12
59:53
USB Device Analysis
James Habben
BSides SLC · 2017
TechnicalDFIRHardware HackingMalware AnalysisIntermediaryBlueCase Studies and Incidents AnalysisMethodology+1
Open →2017-06
40:24
Deductive Reasoning: File Analysis Techniques
John LaycockChris Rogers
BSides DC · 2015
TechnicalDFIRMalware AnalysisIntroTalk
Open →2015-11
29:55
SOCs and Shoes
Shawn Thomas
BSides Charm · 2022
CareerDFIRDetection EngineeringBlueTalk
Open →2022-07
47:07
True Story: I Saw Phishing Done by a Panda(Doc)
Fernando Tomlinson
BSides Augusta · 2022
TechnicalDFIRSocial EngineeringIntermediaryBlueCase Studies and Incidents AnalysisTalk
Open →2022-10
16:01
How Digital Forensics And A Batch Script Helped Me Understand The Infection Chain - Ataur Rahman
Ataur Rahman
BSides London · 2025
TechnicalDFIRMalware AnalysisIntermediaryCase Studies and Incidents AnalysisTalk
Open →2026-03
23:53
Applying Sysmon-type Filtering to Elastic Agent Process Auditing
Josh Brower
BSides Augusta · 2023
TechnicalDFIRDetection EngineeringBlueDemoTalk
Open →2023-10
49:35
OSINT for Incident Investigations
Patterson Cake
BSides Knoxville · 2024
TechnicalDFIROSINTThreat IntelCase Studies and Incidents AnalysisTalk
Open →2024-12
45:14
The Art of Infiltration: Leveraging Trusted Relationships
Vladimir Ožura
BSides Zagreb
TechnicalActive DirectoryDFIRThreat IntelBlueCase Studies and Incidents AnalysisTalk
Open →2025-03
18:07
Ransomware incidents demystified
Thanassis Diogos
BSides Athens · 2021
War StoriesDFIRMalware AnalysisThreat IntelCase Studies and Incidents AnalysisTalk
Open →2021-07
48:20
Victim of Your Own Cyberattack
Henrik NobenStephan Van Dyck
BSides Tallinn · 2025
TechnicalDFIRThreat IntelBlueCase Studies and Incidents AnalysisTalk
Open →2025-10
21:54
Google Workspace Forensics – Insights from Real-World Hunts & IR
Doron KarmiAriel Szarf
BSides Las Vegas · 2023
TechnicalCloud IAMDFIRThreat IntelCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2023-10
25:46
Live Interrogation With Osquery
Josh Brower
BSides Augusta · 2018
TechnicalDFIRDetection EngineeringThreat IntelBlueDemoTalk
Open →2018-10
20:21
Jason Smart & APTs vs the world
Jason Smart
BSides Perth · 2023
TechnicalDFIRMalware AnalysisThreat IntelTalk
Open →2023-08
34:30
When Diplomats Send Beacon — A Retrospective of APT29 Malicious Phishing Campaigns
Mathias Frank
BSides Cymru Wales · 2023
TechnicalWar StoriesDFIRMalware AnalysisThreat IntelCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2023-04
View all 229 talks tagged DFIR →