- 60-Second Recap
1,900 virtual + 410 in Salt Lake City, zero vendor keynotes, 18 new open-source tools forked on-site, 3 new CVEs reserved before happy hour. - Sketch-Notes Reloaded
Ashton Rodenhiser’s murals are now vector PDFs (CC-BY 4.0).
Dark-mode SVGs generated withpotrace+svg-termso you can grep for IOCs. - Top 5 Micro-Repos Born in the Room
Strelka-NEXT– YAML-less, Go-only rewrite; 4× faster rule compile.Cloud-Kleptos-Hunter– Sigma rules for Scattered Spider MFA-bypass TTPs.Mac-Quick-Image– Bash wrapper aroundapfs-snapshotthat streams to S3 viarclone; no root needed on Apple-Silicon.Drone-Bit-Plot– Parses DJI.datflight logs into Timesketch plaso.Llama-Drama-Free– Julia rewrite of the Aon file processor; adds AVX-512 hash slicing.
- 2025 Preview—Call for 10-Minute Lightning Stories
Submit a GitHub issue tosans-dfir/lightning-2025with:
– Link to repo (< 500 MB)
– Dockerfile that builds in < 5 min onubuntu:24.04
– 3-slide deck (max) exported to PDF
Deadline: 15 Feb 2025. Accepted talks get a free Chromebook and an LPE challenge seed. - New Data Sets Released
–APT-3x-Env– 48-h full-packet capture (Qinling, Gelsemium, Vixen Panda) in PCAP-NG + Zeek TSV.
–iOS-Dormant-14– 20 GB logical images of factory-reset iPhones left offline for 90 days; includesmobile_installation.loganomalies.
–VPN-Appliance-Compromise-23– Memory dumps of 3 firewall brands (RCE via CVE-2024-####) in lime format. - AI Corner—GenAI Impact Keynote, Now Text
Dr. M. Ridley released the transcript + 6-slide prompt deck under MIT license; key figure shows 37 % drop in mean-time-to-detect when analysts used a local LLM fine-tuned on past SANS cases vs. stock ChatGPT. - How to Cite the Art
Rodenhiser, A. (2024). SANS DFIR Summit Graphic Recordings. Zenodo.
(BibTeX snippet in repo.) - Next Physical Meet
DFIR Summit EU – 18-19 Jun 2026, Barcelona. CFP opens 01 Dec 2025.
Focus themes: post-quantum log integrity, drone forensics, & cloud tenant isolation failures. - Keep the Thread Alive
#dfir-sketchon SANS Slack – post your IOC, get a hand-drawn sticker by Ashton mailed anywhere carbon-neutral.
正文完
