NetWars DFIR Continuous

NetWars DFIR is specifically focused on digital forensics, incident response, threat hunting, and malware analysis, that is tool-agnostic, from low level artifacts to high level behavioral observations.

Professionals who should consider taking DFIR NetWars include experienced Digital Forensic Analysts, Forensic Examiners, Media Exploitation Examiners, Malware Analysts, Incident Responders, Threat Hunters, Security Operations Center (SOC) Analysts, Law Enforcement Officers, Federal Agents, Detectives, and Cyber Crime Investigators.

Example topics in NetWars DFIR Tournament include:

• Digital Forensics
• Incident Response
• Threat Hunting
• Malware Analysis
• SIFT Workstation (sans.org/tools/sift-workstation)
• Smartphone Forensics
• Windows Forensics
• MacOS and iOS Forensics
• Network Forensics
• Media Exploitation
• Artifact Analysis
• Rapid Triage
• Database Analysis
• Log analysis
• Malicious attacks
• Network traffic analysis
• Reverse engineering and debugging
• Intrusion detection

Computer Requirements:
Processor
64-bit, x86, 2.0 GHz+

Memory
16GB*

HD
200GB+ Free. Approximately 50GB download of evidence files and virtual machines.

Interface
USB 3.0 | Type-A or dongle with Type-A

Operating System
Windows 10 or later, Mac OS 10.15 or later, Linux

Software for Range
VMware Virtualization. Participants are expected to either provide their own forensics tools, or use the local VMware VM tools that we provide.

* 8GB is possible with reduced performance.