This website uses its own and third party cookies to collect information that helps to optimize your visit to their web pages. Cookies will not be used to collect personal information. You can either allow or reject their use. You can also change their settings at any time. You will find more information on our Cookie Policy page.


DS4N6 Blog >> RSA Conference '21 - Me, My Adversary and AI - Wrap-Up and Community Resources

RSA Conference '21 - Me, My Adversary & AI - Wrap-Up & Community Resources

370x370_jess-garcia.jpg [17/05/21] May 17, 2021
Jess Garcia - One eSecurity
Twitter: j3ssgarcia - LinkedIn: garciajess

Thanks to those attending my talk at the RSA Conference '21!

On this page you will find a list of resources mentioned during the talk that I hope will be of help for you and the Community.

We also start today a series of blog posts which will explain in-depth the underlying concepts and the gory technical details: Machine Learning with AI.

But that's not all! This is a great occasion for us, and we wanted to use the opportunity to share with the Community a number of tools that we have been working on during the last year.

We release precisely today two of the projects that you have seen presented in the talk, the DAISY DS-for-DFIR Virtual Machine, and the D4ML Machine Learning extensions to the Jupyter ds4n6_lib library.

Together with my talk, I hope this will be valuable contributions to the Community.



In second place, you can find all the projects and tools referenced in the presentation in a previous post:

Follow-up Blog Posts

And to end up with, I will be publishing a blog post series, starting today, with an in-depth discussion of the topics covered during the presentation:

There are 9 parts initially scheduled to be posted over the next few weeks, 2 per week to not choke anyone (they are pretty dense and intense content-wise).

In this series I will go from the conceptual and procedural ideas on how to include IA in your Threat Hunting processes, by means of a combined TTP-based Hunting + Anomaly-based Hunting, along the lines presented in the talk, and then I will review in-depth the implementation, first from the DFIR point of view, then going down to the low levels details of the Machine Learning Autoencoders (Vanilla/LSTM) implementations.

As mentioned during the presentation, this research and these contents fall under the umbrella of our DS4N6 initiative.

Don't forget to follow us to get notified when the new posts are released: Twitter: @ds4n6_io - RSS News Feed

DAISY Release

We wanted to make this special day an even more special day by releasing DAISY, the Data Science & AI Virtual Machine, aimed at facilitating the adoption of DS / AI to the average Forensicator.

We are extremely excited about this release, as it is one more step in the process of making it easy for the average Forensicator to use DS/AI.

Read everything about this release in the following blog post:

And contact us if you have any comment or question!

D4ML - find_anomalies() PoC Release

Although we will not be doing the announcement immediately, I wanted to share with you today the release of the first Proof of Concept version of D4ML, the Machine Learning extensions of the ds4n6_lib.

While these extension are not integrated yet in the ds4n6_lib library, since they are still proof of concept, you will be able to review the code and even use it if you want. But again, beware that it is just proof of concept! There are some underlying concepts, like the new HML (Harmonized Machine Learning) format that you will probably need to understand first.

In the upcoming weeks we will be releasing additional documentation about D4ML, including blog posts showing how to use the find_anomalies() function, etc.

In the mean time, if you want to get a peek at it, visit the D4ML Github Repo.

Thanks! Let's Stay In Touch!

Again, thank you very much for attending my presentation. I hope you enjoyed it, you learnt, and it will open your appetite to learn more about Data Science, Machine Learning and DFIR.

You can also:

  • Follow me on Twitter: @j3ssgarcia
  • Attend the courses at teach at SANS: FOR500, FOR508, FOR610, FOR578, FOR585, …
  • If you need professional DFIR help of any kind, contact me at One eSecurity

Hope to meet you personally in any corner of the world one of these days!

Jess Garcia
DS4N6 - Project Lead / One eSecurity - Founder / SANS - Senior Instructor

Follow us: Twitter: @ds4n6_io - RSS News Feed - Youtube