Hot Topics
Security Bloggers Network 
SBN

The history behind the DFIR Summit characters

by SANS Blog on July 15, 2020

The Digital Forensics & Incident Response community has always been unique. So, it is not much of a surprise DFIR Practitioners are referred to as heroes in their profession. They must have exceptional investigative skills to find the needle in the haystack – even when all tools fail. They must have hunger for the truth, must be ready to leave their own families to protect others and above all, have the quest to see good prevail. Aren’t these “superpowers”? Not everybody has these and that is what makes these heroes unique.

Rewind to 2009, to when SANS and Rob Lee introduced the new DFIR Curriculum. It was only fair to brand the new Curriculum with an icon that could represent the community and what it stands for. Shortly after the SANS DFIR Curriculum was introduced, the SANS DFIR Hero was born and became the icon for brochures, social media and the DFIR Curriculum brand.

Untitled_design_(6).png

As the years progressed, many changes had happened to the SANS DFIR Hero. He was featured for the first time as a Lego minifigure in 2011. In supporting the SANS initiative to encourage and support women in the cybersecurity industry, the SANS DFIR Curriculum Hero introduced the DFIR Heroine as part of the 10th anniversary of the DFIR Summit. Two years later, during the 12th DFIR Summit, SANS introduced the limited edition of the Lego DFIR Forensicators in their superhero form which included the DFIR course coins as shields.

Clzuy24UsAA51oV.jpggirlmockup-shield1.pngguymockup-shield2.png

As we all know, this year’s DFIR Summit is going to be different. Not only has the Summit been opened free to the public with a record registration of 19K+, but also, for the first time, all sessions will be broadcasted 100% online. The decision of making the Summit free, was an easy one for SANS. Giving the community the gift of great content while enjoying networking during these unprecedented times was the right choice for sure.

So, as the “DFIR Summit the 13th – Pandemic Edition” approaches, we decided to create the DFIR Summit gear around these characters that in one way or another have their origins at the DFIR Summit.

After reviewing several ideas, we opted for the Zoom picture now featured in our DFIR Summit 2020 gear. We are certain the DFIR community will appreciate that we have chosen to pay tribute to these characters. These characters are not only part of the history of the DFIR Summit, but also highlight the sense of humor this community has! 

dfir_summit_gear.JPG

So here you have it…

@dfirforensictr:

lego.JPG

Each DFIR Forensicator comes packed in a clear plastic case. In the back of the case the following can be read:

A Hero for the Ages – The Digital Forensics and incident response DFIR Forensicators enable your team to forensicate all things!
All Forensicators are equipped with:

  • Hacker detection spidey-sense
  • Walking encyclopedia of Windows & Apple macOS artifacts
  • Smartphone chip-off extraction & SMS recovery skills
  • Network traffic hacker tracking
  • Professor X-like memory forensics
  • Malware reversing & decoding skills
  • Hunt & track threats under any conditions
  • Enhanced cyber intelligence & hypercongnitive analysis
  • Evidence forensic acquisition speed to gather intelligence in 90 minutes or less
  • A lethal coin forensicator coin shield to repel all evil.

As a proof that even animals do not miss the DFIR Summit, here are the ones that made their appearance over the years:

@DFIRCricket: 

cricket.JPG

We cannot say the DFIR Cricket made his appearance at the Summit, however he clearly was very vocal, and everybody was paying close attention to his “chirp, chirp”. Especially when there were no questions after a presentation and silence flooded the summit room.

DFIR Mouse:

mouse.JPG

The DFIR Mouse was more interested the breaks that in the lectures, do you know why? Here the little DFIR cheezball made his appearance at the Summit alarming just a few attendees. To be nice, we are naming the hotel that hosted the summit that year.

DFIR Horse:

horse.JPG

Hi. My friend would really like to meet the person who snuck this horse into a hotel. Was it you? Was it your friend? Let me know if you have any info!

If someone could sneak a horse into a hotel room, that would be one of the DFIR Summit attendees.

Jackalope:

jackalope.JPG
downtown-4.jpg

Over the years, the DIFR Summit night out have been hosted at the Jackalope. The Jackalope is Austin’s favorite and most famous dive bar. If you really want to know the history of the SANS DFIR Summit and the night out networking at the Jackalope, we suggest you do some twitter search. WHo knows, you might find a picture or two.  We do not kiss and tell, all we can say is that the big Jacklaople has been ridden by many forensicators over the years.

@ForensicGator:

forensigator.JPG

The DFIR ForensicGator is the newest of our characters. It was born after Gilbert Gottfried announced the free Summit in a social media video. He mistakenly called out to all “ForenicGators” instead of “Forensicators”. From then on, the DFIR ForensicGator was born.

And last but not least the Emergency Tacos:

tacos.JPG

Who does not like tacos? Austin’s favorite Torchy’s tacos have been a must for the DFIR Summits over the years. As a tradition, Rob Lee invite all speakers the night before the summit for a night out with drinks and a taco feast delivered by the very famous taco place.

We might not be able to see each other face to face at the DFIR Summit 2020 but, our community is not far away. Thank you for joining us at the DFIR Summit 2020!


Recent Articles By Author
More from SANS Blog

*** This is a Security Bloggers Network syndicated blog from SANS Blog authored by SANS Blog. Read the original post at: http://feedproxy.google.com/~r/SANSForensics/~3/7pIYCJ3zBWE/the-history-behind-the-dfir-summit-characters

SANS Blog