Security Fest 2025

Modernizing Incident Response Using Techniques that Scale
06-05, 15:00–15:40 (Europe/Stockholm), Main stage

Traditional digital forensics and incident response (DFIR) techniques often fall short, struggling to keep up with the speed and scale required by modern environments. This talk explores the limitations of these traditional methods, examining why they can be slow and challenging to scale effectively. Attendees will gain insight into innovative open source tools and techniques that enable faster, more scalable incident response processes—helping teams respond to incidents with greater agility.


Digital Forensics and Incident Response (DFIR) teams face unprecedented challenges in today's large, distributed, and complex IT environments. The exponential growth of data, cloud-native architectures, and sophisticated attack techniques demands a fundamental shift in our incident response approach. Traditional methods often resemble post-incident autopsies, while defenders need to engage threats proactively—before significant damage occurs.

This presentation will explore:

  • Current challenges with traditional DFIR approaches in modern environments
  • Why legacy forensics tools and methodologies often fail to scale
  • The impact of cloud computing and containerization on incident response
  • Modern techniques for rapid triage and investigation at scale
  • Automation strategies to handle high-volume investigations
  • How all of this can be accomplished with 100% free and open source tooling

Attendees will learn practical strategies for modernizing their incident response capabilities, focusing on techniques they can implement immediately to improve investigation efficiency and effectiveness. The presentation will demonstrate modern open source tools and workflows that help teams tackle increasingly complex incidents while maintaining investigation quality.

Whether you're a seasoned incident responder looking to scale your capabilities or an organization building a modern security operations center, this talk will provide valuable insights into the future of incident response.

Eric Capuano is a Director at LimaCharlie and a SANS DFIR Instructor with over a decade of experience in Security Operations, Digital Forensics, and Incident Response. He began his Information Security career as a Tactics Developer for the United States Air Force, later transitioning to Cyber Warfare Operations. After his military service, Eric led cybersecurity operations across private and government sectors, including serving as CTO of Recon Infosec, a company he founded to deliver enterprise-grade security to organizations of all sizes. In 2016, he developed OpenSOC, a blue team CTF that has trained thousands of SOC and IR professionals worldwide. Eric also managed the Security Operations Center for the Texas Department of Public Safety, where he established the agency's first CSIRT. In his spare time, Eric shares technical training labs on his blog at https://blog.ecapuano.com. His certifications include GIAC, GCFE, GCFA, CEH, Security+, Linux+, LPIC-1, PCNSE, and A+.

Whitney is the lead solutions architect at LimaCharlie and a co-founder and former lead architect of Recon InfoSec. She is a seasoned security architect and engineer with over 15 years of experience in designing and automating large-scale security infrastructure. She began her journey as a web and flash developer and sysadmin in the 90s and early 2000s, and after college became a security analyst for the Navy. Her work spans building advanced security platforms, managing complex multi-environment deployments, and architecting comprehensive solutions that integrate cutting-edge tools and technologies. This includes building, automating, and maintaining the range environments and platforms used to drive and support our trainings. With extensive experience in both the private and public sectors, she excels at automating and orchestrating massive environments and streamlining security operations. Whitney’s passion for security and infrastructure drives her to continuously innovate and enhance the efficiency of security teams and operations. Her certifications include RHCA, RHCE, RHCVA, CISSP, CEH, Security+, and Linux+, among others.