
Computer Forensics for Technical Staff

This two-and-a-half-day workshop comprises three components: lecture, student labs, and team scenarios. It is designed for technical staff who administer and secure information systems and networks. The workshop gives participants a fundamental understanding of the computer forensics process and develops basic forensic best practices for first responders.

The lecture aspect of this workshop covers three areas over the first two days: building/testing safe tool sets; collecting volatile data; and collecting persistent data. There will be labs accompanying each lecture that provide hands-on opportunities to practice methods and techniques. The lab topics include building a safe data collection tool set, collecting and analyzing volatile data, and locating and recovering persistent data. Students will have an opportunity to use Helix, Knoppix-std, sleuthkit/autopsy, dd, ps-tools, and many other forensics tools during class.
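The first lecture topic, building and testing a safe tool set, rests on one practical habit: the responder's tools are hashed once on a known-good system and re-verified before every use, so a compromised host cannot silently substitute a tampered `ps` or `netstat`. The script below is an added example written for this page, not material from the Q-CERT workshop or from any of the tools it names; it assumes a POSIX shell with coreutils `sha256sum`, uses a constructed throw-away directory in place of a real tool set, and records the hash of each collected output file in a simple custody log.

```shell
#!/bin/sh
# Added example, not part of the Q-CERT workshop materials.
# Assumes POSIX sh plus coreutils sha256sum (Linux). The "tool set" used
# in demo() is a constructed temporary directory, not real forensic binaries.
set -u

# build_manifest DIR MANIFEST
# Record the SHA-256 of every regular file under DIR into MANIFEST.
# MANIFEST must live outside DIR, otherwise it would hash itself.
build_manifest() {
    dir=$1; manifest=$2
    ( cd "$dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$manifest"
}

# verify_toolset DIR MANIFEST
# Exit 0 only if every file in MANIFEST is present and unchanged.
# sha256sum -c also fails when a listed file is missing.
verify_toolset() {
    dir=$1; manifest=$2
    ( cd "$dir" && sha256sum --status -c "$manifest" ) 2>/dev/null
}

# seal_evidence FILE LOG
# Append "timestamp sha256 filename" to LOG so a collected output file
# can later be shown to be the one that was gathered.
seal_evidence() {
    file=$1; log=$2
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    sum=$(sha256sum "$file" | cut -d' ' -f1)
    printf '%s %s %s\n' "$stamp" "$sum" "$file" >> "$log"
}

# demo: build a constructed tool set, verify it, tamper with one tool,
# and show that verification now fails.
demo() {
    work=$(mktemp -d)
    tools="$work/tools"; manifest="$work/tools.sha256"; log="$work/custody.log"
    mkdir "$tools"
    printf 'constructed stand-in for ps\n' > "$tools/ps"
    printf 'constructed stand-in for netstat\n' > "$tools/netstat"

    build_manifest "$tools" "$manifest"
    if verify_toolset "$tools" "$manifest"; then
        echo "tool set verified, safe to collect"
        printf 'constructed volatile-data output\n' > "$work/ps.out"
        seal_evidence "$work/ps.out" "$log"
    fi

    # Simulate a tampered tool on the suspect host.
    printf 'tampered\n' >> "$tools/ps"
    if verify_toolset "$tools" "$manifest"; then
        echo "UNEXPECTED: tampered tool set passed"
    else
        echo "tool set altered, do not use"
    fi
    rm -rf "$work"
}

demo
```

In practice the manifest is generated on the trusted workstation and carried with the tool set on read-only media, and `verify_toolset` is the first command run from it on the suspect host; the custody log then accompanies every output file produced during volatile-data collection.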

The capstone exercise uses a two-part computer forensics scenario to bring together the information presented in the lectures and the skills learned in the labs. First, students are organized into teams and tasked with determining the nature and extent of a suspicious IDS alert within a running networked environment. Each team must make a preliminary assessment, determine whether any subsystems are affected, collect supporting information, and, when appropriate, enact remediation strategies. Next, the teams are presented with a questionable email that was forwarded by a "concerned employee." The teams are tasked with collecting relevant host and network information for an internal investigation.

Audience

Technical staff members who manage or support networked information systems and have

Prerequisites

Before registering for this workshop, it is recommended that participants complete the Advanced Information Security for Technical Staff workshop or have equivalent training or experience.

Topics

Objectives

Successful completion of this workshop will enable participants to