Authors: Jess Garcia

DFRWS USA 2025 — “History in the Making” — Jubilee 25th Anniversary

Abstract

Join us for an immersive 4-hour workshop designed to elevate your DFIR skills through the power of AI. This hands-on session will explore the integration of custom Machine Learning models and Generative AI technologies into DFIR workflows, offering practical insights and applications. The workshop is divided into two sessions, each focusing on cutting-edge AI technologies and their practical applications in the field of DFIR.

Part 1: Custom Machine Learning Models for DFIR

  1. Overview: The initial part of the workshop will focus on utilizing lightweight Machine Learning models to address specific tasks related to threat detection and incident response. In many cases, smaller custom models can outperform larger models, including those with trillions of parameters like ChatGPT. They require less computational power, are faster to train and deploy, and can be fine-tuned to capture the nuances of particular problems more effectively than large, general-purpose models.
  2. Key Topics:
    • Introduction to ML models relevant for Threat Detection & Response.
    • Gain hands-on experience with machine learning models, including Long Short-Term Memory (LSTM) networks and Transformers.
    • Guidance for building and configuring ML models for Threat Detection & Response.
    • Solving complex DFIR tasks like Lateral Movement detection, UEBA (User and Entity Behavior Analysis), and anomaly detection.
    • Practical Exercises: Step-by-step guide to create and deploy custom ML models to perform complex DFIR analysis in real-world scenarios.
  3. Resources: Jupyter Notebooks, Data Science libraries for DFIR (Pandas, ds4n6_lib, Keras, TensorFlow, …)

Part 2: Generative AI Technologies for DFIR

  1. Overview: This part of the workshop will delve into the application of Generative AI models like Large Language Models (LLMs) to solve many of the most challenging tasks that we face in our investigations today. After covering the most important concepts, tools & resources you need to know related to Generative AI for DFIR, we will apply this promising technology to analyze artifacts with a DFIR-Copilot, correlate CTI sources, automate Threat Hunting tasks, and guide forensic investigations with AI-Agents.
  2. Key Topics:
    • Understanding the basics of Generative AI and its relevance in DFIR.
    • Explore the role of Generative AI in DFIR and why it is a game-changing technology.
    • Practical applications of LLMs for Threat Detection & Response.
    • Enhancing and automating DFIR workflows with AI-Agents.
    • Solving everyday DFIR challenges using Generative AI.
    • Practical Exercises: Gain hands-on experience solving common investigative tasks with Large Language Models. Create custom GPTs and Copilots to analyze forensic artifacts, and configure AI-Agents to tackle the most complex DFIR challenges we face today.
  3. Resources: Jupyter Notebooks, ChatGPT API, LLM frameworks (LangChain, LlamaIndex, LangGraph, …)

Who Should Attend

  • DFIR Professionals
  • Cybersecurity Analysts
  • Incident Response Teams
  • Anyone interested in leveraging AI for digital forensics and incident response

Why Attend

  • Gain practical knowledge of integrating AI into DFIR tasks
  • Learn to utilize both classical and Generative AI models
  • Enhance your ability to automate and improve DFIR workflows

Biography

Jess Garcia

Jess Garcia is the Founder of the global Cybersecurity/DFIR firm One eSecurity and a Senior Instructor with the SANS Institute.

During his 25+ years in the field, Jess has led a myriad of complex multinational investigations for Fortune 500 companies and global organizations.

As a founder of One eSecurity, Jess has led his company to become a world-wide service provider for large global customers, providing highly specialized services & technology in the Detection & Response areas.

As a SANS Instructor, Jess stands as one of the most prolific and veteran ones, having taught 10+ different highly technical Cybersecurity/DFIR courses in hundreds of conferences world-wide over the last 22+ years.

Jess has also been a pioneer in the area of AI for Detection & Response. With the mission of bringing Data Science/AI to the DFIR field, Jess launched in 2020 the DS4N6 initiative (www.ds4n6.io), under which he is leading the development of multiple open source tools, standards and analysis platforms for DS/AI+DFIR interoperability. After the advent of Generative AI / LLM Platforms, Jess and his team at One eSecurity are pioneering the field again by defining how organizations should transform their Detection & Response teams and processes, via the introduction of AI in every aspect of the Detection & Response life cycle (CTI, Threat Hunting, Forensic Investigations, etc.).

Jess is a globally recognized cybersecurity expert, regularly speaking at the top Cybersecurity conferences all around the world.