Mobile Hacking Conference Talks

Rapid response:
Windows DFIR with Velociraptor

By Andreas van Leeuwen Flamino

In this session, Andreas will preview our upcoming Windows DFIR course with a live investigation walkthrough. Follow along as we use Velociraptor to analyze a simulated incident, building a timeline one question at a time by working directly with Windows artifacts.


This approach develops intuition that applies across digital forensics, threat hunting, and incident response. 


We'll cover key artifact categories like execution, persistence, lateral movement, and file system analysis, showing how raw artifact analysis complements your existing security tools and helps you answer critical questions when logs fall short. The skills you'll see transfer immediately to real investigations, whether you're working on a handful of hosts or in larger enterprise contexts.

Thank you!
Bio

Andreas van Leeuwen Flamino

Andreas is a cybersecurity professional with over two decades of experience across red and blue teams.

He started his security career in the late 1990s as a Linux and UNIX systems administrator and moved into red teaming in the early 2000s. Since then, he has delivered dozens of security consultancy projects across diverse industries.

Over the last decade, he has focused on Threat Hunting, Incident Response, and Digital Forensics, standing up multiple practices in each discipline. He is passionate about teaching and about using open-source tools to develop creative solutions. He believes this approach builds a deeper understanding of security fundamentals.
Write your awesome label here.

Register here: