DFLabs to Reveal Best Practices for "Live Box" Forensics at SANS Threat Hunting and IR Summit


Security Operations Expert John Moran Will Provide Dos and Don'ts and
Demonstrate Free Tool that Automates Data Gathering

DFLabs, the pioneer in Security
Orchestration, Automation and Response (SOAR), today announced that
Senior Product Manager and security operations and incident response
expert John Moran will present best practices for using "live box"
forensics at the upcoming SANS Threat Hunting and Incident Response
Summit in New Orleans.



John Moran, Senior Product Manager at DFLabs, is an expert in
security operations, incident response, digital forensics and
investigations. He has served as a Senior Incident Response Analyst
for NTT Security, Computer Forensic Analyst for the Maine State
Police Computer Crimes Unit and Task Force Officer for the US
Department of Homeland Security. John currently holds GCFA, CFCE,
EnCE, CEH, and CHFI certifications as well as degrees in Digital
Forensics and Information Security.


Organizations are experiencing an increase in complex cyber threats
and advanced attack techniques such as the use of file-less malware.
In response, security operations personnel are turning to the use of
"live box" forensics in threat hunting, despite its perceived risks
and pitfalls. In this session, John will detail the Dos and Don'ts
when conducting "live box" forensics for threat hunting and provide
a best practices framework for incident response teams. In addition,
he will use a newly released, free Windows tool that automates data
acquisition to demonstrate "live box" techniques.


Friday, September 7, 2018 at 10:45-11:20 am CDT


SANS Threat Hunting and Incident Response Summit, Astor Crowne
Plaza, 739 Canal Street, New Orleans, Louisiana, USA


To schedule an in-person meeting at the conference or a phone
conversation with John Moran, contact Marc Gendron at
or +1 781.237.0341. For more information:


About DFLabs
DFLabs is an award-winning and recognized
global leader in security orchestration, automation and response (SOAR)
technology. The company's management team has helped shape the cyber
security industry, which includes co-editing several industry standards
such as ISO 27043 and ISO 30121. Its flagship product, IncMan SOAR, has
been adopted by Fortune 500 and Global 2000 organizations worldwide.
DFLabs has operations in Europe, North America, and EMEA. For more
information, visit
or connect with us on Twitter @DFLabs.
