Abstract: 

There is no doubt that Data Science is a powerful weapon for analyzing many types of data, and DFIR data is no exception.

DFIR data (Logs, Artifacts, Network Traffic, etc.) can be transformed from its typical proprietary format to json or csv by means of computer forensic tools, making it ready for powerful analytic Data Science tools (Jupyter, pandas, matplotlib, etc.). But... can you solve a Digital Forensics Investigation using just Data Science tools? What are the advantages? How can you do it?

In this workshop, which is directed to both a Data Science audience who may want to learn DFIR, and a DFIR audience who may want to learn Data Science, Jess Garcia will explain the fundamentals of Data Science and DFIR, and will lead the audience through all the different steps of an end-to-end investigation using exclusively Data Science tools and techniques. In the process, Jess will introduce multiple forensic artifacts and will explain the value they provide to the overall investigation.

Jess will also introduce CHRYSALIS, a framework created by the DS4N6 community to bridge the Data Science and DFIR worlds, and will use the powerful capabilities it provides for reading, processing and analyzing DFIR data in order to facilitate and speed up the analysis and solve the case.

Bio: 

David Contreras is a Senior Forensic Analyst in One eSecurity, working in Incident Response, leading the Research team and Internal products development. David has more than six years in DFIR, working in multiple remarkable incidents in international organizations and many other projects related to Threat Hunting, SOCs, etc. He also collaborates in the research of the DS4N6 project (www.ds4n6.io), helping to provide Data Science and Machine Learning content to the Cybersecurity community.