DFIR Conference Tips

This week I share some thoughts on how to approach DFIR conferences to maximize the experience. There are many to choose from and having an analytical approach may get you exactly what you want for your time and money.

Show Notes

A listener recently asked me about my thoughts on which conferences offer the best value for digital forensics and eDiscovery topics. It got me thinking: many of us have the opportunity to select an annual conference to attend. There are so many out there that it is sometimes difficult to figure out which one is the best for you. Here is my approach, offered to the audience for any help it may bring.

In general, I find the following conferences are good choices for digital forensics and eDiscovery topics:

Remember, just because a conference has a solid history does not mean it is right for you. These examples are offered as a great place to start your search and consideration. I tend to put more weight on the speakers. The DFIR community is full of excellent presenters. The trick, and something I do not see many people do, is to get the list of speakers and topics and do a little research. Vendors in particular have been guilty of putting up exciting topic titles only to have the actual talk be a 90-minute commercial for their product. To avoid this, conduct a little “Google-fu” on the speakers who are lecturing on topics you are interested in. You may quickly learn about their body of work, reputation and other talks they have given. In short, look for conferences with good speakers that you have verified. It helps ensure a better experience. Do not automatically discount vendor sessions either; do the same research and you will find the ones that deliver great value for your time.

Conferences that offer labs should be considered. There is nothing better than hands-on learning. These slots tend to be limited as they are often very popular. Make sure you learn if it is BYOL (bring your own laptop) or if they will have an actual lab with computers. A lab stocked with computers tends to run smoother as the systems have been set up and tested (usually) for participants. Also look at the length of the lab. I find the ones that are double sessions get into the details I am looking for and also give me a chance to explore on my own.

SDF Training Class of the Week

Windows Shellbag Forensics

Find evidence of directories accessed by a user