By the Numbers
🔵 1,200+ onsite attendees
🔴 4,500+ virtual participants
🟢 63% corporate incident responders
🟡 22% law enforcement representatives
Keynote Spotlight
“Days of Future Past: GenAI’s DFIR Paradox”
- 4 critical trends transforming investigations:
- AI-generated breadcrumbs in attack patterns
- LLM-assisted malware analysis workflows
- Synthetic identity attacks on cloud environments
- Prompt-injection artifacts as forensic evidence
Technical Breakout Highlights
Mobile Forensics Deep Dive
<DIFF>+ "Dormant iOS Devices": Extracted 17 new artifact types from idle phones+ "Android Find My Device": Mapped 3 novel attack surfaces! Market demand for mobile specialists grew 41% YoY
Cloud Incident Response
| Presenter | Breakthrough Finding |
|---|---|
| Microsoft Team | 4 overlooked Azure log sources with 92% malicious activity detection rate |
| Mandiant | Scattered Spider TTPs exploiting MFA fatigue in 78% of cloud breaches |
Emerging Tools Track
- Strelka v3.0: Processing 1.2TB/hour of forensic data
- Llama Processor: 90% faster than traditional file carvers
- Ghidra GameBoy Plugin: Revolutionizing firmware reverse engineering
Visual Knowledge Capture
[Infographic thumbnail placeholder]
(Graphic recordings available for all sessions – registered attendees access via SANS Portal)
Top 3 Practitioner Takeaways
- APT Persistence Patterns:
- Average dwell time down to 16 days (from 21 in 2023)
- 73% now use victim’s own tools against them
- Drone Forensics:
- DJI Matrice 300 logs contain 14 forensic markers
- Blackout regions create 8.5-hour evidence gaps
- VPN Compromise Forensics:
- Pulse Secure edge devices show 3x more firmware implants
- Memory analysis reveals 71% of beacon patterns
2024 Threat Actor Scorecard
| Group | Techniques | Forensic Signature |
|---|---|---|
| Scattered Spider | MFA fatigue + SIM swaps | Azure AD “hidden rules” |
| Cloud Klepto | SaaS configuration abuse | OAuth token anomalies |
| Ghost Chain | Firmware implants | SPI flash artifacts |
Coming Soon
🎥 Full session recordings (Available 29 August for registrants)
📅 Save the date: DFIR Summit 2025 returning to Salt Lake City
(Word count: 298 | Visual-first knowledge brief)
Critical Resources:
• Access the Summit Slide Decks (Portal → Events → DFIR2024)
• Join the DFIR Toolsmiths Working Group
Action Items:
- Implement new Azure log monitoring within 30 days
- Evaluate drone forensic capabilities for physical security teams
- Schedule team training on Ghidra GameBoy plugin
Emerging Focus Areas:
- Satellite system forensic analysis
- Quantum computing’s impact on evidence integrity
- Automotive ECU investigation techniques
Continuing Education:
- FOR610: Reverse-Engineering Malware (Now with AI-assisted modules)
- CLOUD555: Cloud Forensics and Incident Response
正文完
