One artifact rarely tells the full story.
Jump Lists. LNK files. Prefetch.
Each captures different activity on a Windows system.
The challenge is connecting them.
👇 Quick reference in the playbook
👉 go.sans.org/RKG6xY
The SANS #DFIRSummit CFP is closing soon!
We’re looking for talks on:
- DFIR
- Threat Hunting
- Ransomware & Cyber Extortion
Share your research, tools, case studies, & lessons learned.
Submit by Friday, June 26, 5pm ET
Learn More & Submit a Proposal: go.sans.org/dfir-cfp
#AI in #CTI isn’t just automation. It’s a force multiplier.
The real value is how you apply it alongside analyst judgment.
Check out how that’s built into the updated FOR578: buff.ly/Hk7jEZd #ThreatIntel #DFIR
Identity-based attacks continue to dominate the threat landscape.
@vhumint's blog breaks down key points on credential abuse, infostealers, geopolitical cyber spillover, and #CTI strategies from the latest STAR discussion.
Read more: go.sans.org/7N3UAH #ThreatIntel
📣 The SANS #DFIRSummit CFP is OPEN!
We’re looking for real-world #DFIR, threat hunting, & ransomware talks ft. research, tools, case studies, & lessons learned from the community.
⏰ Submit by Friday, June 26, 5pm ET
➡️ Learn More & Submit: go.sans.org/dfir-cfp
Most #CTI training = analysis
FOR578 = analysis workflows decisions
Because #ThreatIntelligence should lead somewhere.
See what’s new in the updated course: buff.ly/Hk7jEZd #DFIR
What’s fueling #Ransomware in 2026? Stolen creds, unmanaged devices, AI, & cheap initial access.
@rj_chap breaks down key findings from Mandiant, CrowdStrike, Chainalysis & Unit 42 reports in this new blog.
Read the blog: go.sans.org/RaL5k6 #DFIR
A fascinating look at AI's growing role in #Cybersecurity.
The @nytimes followed a national #CyberDefense competition where #AI agents helped attack and defend networks. Featured participant @HECFBlog, author of FOR509.
Read the article:
buff.ly/URttsjo
SANS #DFIRSummit brings front-line practitioners together for 2 days of real-world case studies, tools & research.
🔎 Digital Forensics
🚨 Incident Response
🎯 Threat Hunting
🔐 Ransomware
🗓️ Summit: Oct 15–16
📍 Arlington, VA | All-Access
➡️ Register: go.sans.org/TSSBBf
📣 The SANS #DFIRSummit CFP is OPEN!
We’re looking for talks on:
🔎 DFIR
🎯 Threat Hunting
🛡️ Ransomware & Cyber Extortion
Share your research, tools, case studies, and lessons learned.
⏰ Submit by Friday, June 26, 5pm EDT
➡️ Learn More & Submit: go.sans.org/dfir-cfp
FOR578 update:
• 20 hands-on labs
• Real attacker scenarios
• Stronger workflows
• #AI as a force multiplier
Built to reflect how #CTI teams actually work today.
Learn more: buff.ly/Hk7jEZd #ThreatIntelligence #DFIR
What do 2026 threat reports actually tell us about today’s landscape?
Join us TODAY as we break down key findings and what they mean for defenders right now.
Tune in at 1 PM EST: buff.ly/etizrzD #CTI #ThreatIntel #DFIR
#CTI isn’t just analysis anymore.
It’s end-to-end workflows.
From requirements to operations, it all has to connect.
FOR578 has been updated to reflect how teams actually work today: buff.ly/Hk7jEZd #ThreatIntelligence #DFIR
SANS #DFIRSummit returns this fall with advanced sessions from front-line practitioners sharing real-world lessons, tools & research.
🔎 Digital Forensics
🚨 Incident Response
🎯 Threat Hunting
🔐 Ransomware
🗓️ Summit: Oct 15–16
📍 Arlington, VA
➡️ go.sans.org/TSSBBf
Are your #CTI efforts aligned with business risk?
Join us as we explore how leading organizations are bridging the gap between operational intelligence and strategic decision-making.
→ Save your spot: buff.ly/RBfOohq
⭐️ Earn 3 CPEs for attending
#ThreatIntel #SANS
The Paller Cybersecurity Scholarship was created to identify and support the most promising new talent across the globe.
Today, we are proud to introduce the 2026 #PallerScholars 🌏🏆
Learn more about the scholarship and this year's winners: sans.edu/pcs
What is changing in the threat landscape this year?
Hear how attacker behavior is shifting and what trends teams should be paying attention to.
Join us May 21 | 1 PM EST: buff.ly/etizrzD #CTI #ThreatIntel #DFIR
SANS is launching Find Evil! -- the first hackathon for autonomous incident response AI. Registration opens April 15. $22K in prizes. findevil.devpost.com
Cyber threats are moving faster and investigation delays are no longer an option.
That’s why we partnered with @SANSInstitute for the webcast, “Enterprise DFIR at Scale: From Investigation to Response.”
Listen on demand now: bit.ly/48qTFXy
Most #CTI teams don’t lack data. They lack a structured way to turn it into decisions.
That’s where things break down.
We’ve updated FOR578 to focus on turning intelligence into action: buff.ly/Hk7jEZd #ThreatIntel #DFIR