Abstract: There is no doubt that Data Science is a powerful weapon for analyzing many types of data, and DFIR data is no exception.
DFIR data (logs, artifacts, network traffic, etc.) can be converted from its typical proprietary format to JSON or CSV by computer forensic tools, making it ready for powerful analytic Data Science tools (Jupyter, pandas, matplotlib, etc.). But... can you solve a Digital Forensics Investigation using just Data Science tools? What are the advantages? How can you do it?
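As an added illustration of that pipeline (not code from the workshop, from CHRYSALIS or from the DS4N6 project), the block below takes a small constructed CSV in the shape a forensic tool might export for Windows logon events and runs three routine investigative queries over it: frequency stacking of a field, spotting rare values, and isolating off-hours activity. It uses only the Python standard library so it runs anywhere; the column names and the sample records are assumptions made up for the example.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample, NOT real evidence: a normalised CSV export of Windows
# logon events (4624 = successful logon, 4625 = failed logon).
# Column names are an assumption for this example.
SAMPLE_CSV = """timestamp,event_id,user,src_ip,logon_type
2023-03-01T08:02:11,4624,alice,10.0.0.21,2
2023-03-01T08:05:43,4624,bob,10.0.0.22,2
2023-03-01T09:15:02,4624,alice,10.0.0.21,2
2023-03-01T12:40:19,4624,svc_backup,10.0.0.5,5
2023-03-01T23:58:07,4624,alice,10.0.0.99,3
2023-03-02T00:03:55,4624,alice,10.0.0.99,3
2023-03-02T00:04:12,4625,alice,10.0.0.99,3
2023-03-02T08:01:30,4624,bob,10.0.0.22,2
"""


def load_events(csv_text):
    """Parse the CSV export into a list of dicts with typed fields."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        row["event_id"] = int(row["event_id"])
        row["logon_type"] = int(row["logon_type"])
        events.append(row)
    return events


def stack(events, field):
    """Frequency stacking: how often each value of `field` occurs."""
    return Counter(e[field] for e in events)


def rare_values(events, field, max_count=1):
    """Values of `field` seen at most `max_count` times (the long tail)."""
    counts = stack(events, field)
    return sorted(v for v, n in counts.items() if n <= max_count)


def off_hours(events, start_hour=7, end_hour=20):
    """Events outside the normal working window [start_hour, end_hour)."""
    return [e for e in events
            if not (start_hour <= e["timestamp"].hour < end_hour)]


def sources_per_user(events):
    """Distinct source IPs each account logged on from, sorted."""
    seen = defaultdict(set)
    for e in events:
        seen[e["user"]].add(e["src_ip"])
    return {user: sorted(ips) for user, ips in seen.items()}


def failed_logons(events):
    """Only the failed-logon records (event 4625)."""
    return [e for e in events if e["event_id"] == 4625]


if __name__ == "__main__":
    evs = load_events(SAMPLE_CSV)
    print("logons per user:", dict(stack(evs, "user")))
    print("rare source IPs:", rare_values(evs, "src_ip"))
    print("off-hours events:",
          [(e["timestamp"].isoformat(), e["user"], e["src_ip"])
           for e in off_hours(evs)])
    print("sources per user:", sources_per_user(evs))
    print("failed logons:", len(failed_logons(evs)))
```

Each helper is the standard-library counterpart of a one-line pandas operation (`value_counts()`, a boolean mask on `dt.hour`, `groupby("user")["src_ip"].unique()`), which is exactly why the CSV/JSON normalisation step matters: once the artifact is tabular, the analytic questions become ordinary data-frame queries.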
In this workshop, aimed at both a Data Science audience who may want to learn DFIR and a DFIR audience who may want to learn Data Science, Jess Garcia will explain the fundamentals of Data Science and DFIR, and will lead the audience through all the steps of an end-to-end investigation using exclusively Data Science tools and techniques. Along the way, Jess will introduce multiple forensic artifacts and explain the value each provides to the overall investigation.
Jess will also introduce CHRYSALIS, a framework created by the DS4N6 community to bridge the Data Science and DFIR worlds, and will use the powerful capabilities it provides for reading, processing and analyzing DFIR data in order to facilitate and speed up the analysis and solve the case.
Bio: Jess Garcia is the Founder of the global Cybersecurity/DFIR firm One eSecurity and a Senior Instructor with the SANS Institute.
During his 25 years in the field, Jess has led a myriad of complex multinational investigations for Fortune 500 companies and global organizations. He is one of SANS's most prolific and veteran instructors, having taught 10+ different highly technical Cybersecurity/DFIR courses at hundreds of conferences worldwide over the last 19 years.
Jess is also an active Cybersecurity/DFIR Researcher. With the mission of bringing Data Science/AI to the DFIR field, Jess launched in 2020 the DS4N6 initiative (www.ds4n6.io), under which he is leading the development of multiple open source tools, standards and analysis platforms for DS/AI+DFIR interoperability.