Introduction to file-system post-mortem forensic analysis



Date: Wednesday, 05. September 2018 09:00 until Wednesday, 05. September 2018 15:00
Room: EternalBlue
Language: EN
Service Details:
    Target audience: IT or operational security teams
    Duration: 1 day
    Level: Knowledge of operating systems and IT security is required


Training info

Forensic analysis is based on the assumption that everything leaves a trace behind. A trace in an information system can be any data that helps to place an action in space and time. Post-mortem analysis is a key tool for discovering and analysing security incidents. This course teaches participants how to find out what has happened by analysing the different layers, from the physical medium through the file system up to the application level.

Objectives

  • Perform disk acquisition the right way
  • Introduction to file system analysis (NTFS/FAT)
  • Analyse operating system artifacts (MS Windows)
  • Find evidence in communication applications (e.g. browser or chat history)
  • Correlate forensic findings with a threat intelligence platform such as MISP
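What "the right way" means for the first objective is illustrated below with an added example; it is not part of the CIRCL course material. It images a source with GNU coreutils dd, hashes the source before and after imaging and the image itself, writes the digests to an acquisition log, and lets the image be re-verified later. A constructed 1 MiB sample file stands in for the evidence device (named `sdX` here); on real hardware the device sits behind a write-blocker and is never opened for writing.

```shell
#!/bin/sh
# Added example (not part of the CIRCL course material): a minimal, forensically
# sound disk acquisition with GNU coreutils. A constructed sample file stands in
# for the evidence device (/dev/sdX); on real hardware the source sits behind a
# write-blocker and is never opened for writing.

sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Constructed sample "device": 1 MiB of deterministic, non-zero sector data.
make_sample_device() {
    yes 'constructed sample sector data' | head -c 1048576 > "$1"
}

# acquire_image SOURCE IMAGE LOG
# Hashes the source before and after imaging, hashes the image, writes all three
# digests to LOG, and returns success only when all three agree.
acquire_image() {
    src="$1"; dst="$2"; log="$3"
    pre=$(sha256_of "$src")
    # bs=512 matches the sector size, so conv=sync (zero-fill unreadable blocks)
    # never appends padding beyond the device's real size; a larger bs would
    # inflate the image unless the device size is a multiple of it. conv=noerror
    # keeps reading past bad sectors instead of aborting the acquisition.
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>/dev/null
    img=$(sha256_of "$dst")
    post=$(sha256_of "$src")   # shows the source was not altered by imaging
    {
        echo "source=$src"
        echo "image=$dst"
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "sha256_source_before=$pre"
        echo "sha256_image=$img"
        echo "sha256_source_after=$post"
    } > "$log"
    [ "$pre" = "$img" ] && [ "$img" = "$post" ]
}

# verify_image IMAGE LOG
# Re-hashes the image at any later point and compares it with the logged digest.
verify_image() {
    expected=$(sed -n 's/^sha256_image=//p' "$2")
    actual=$(sha256_of "$1")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Stand-alone demonstration on the constructed sample: ./acquire.sh demo
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    make_sample_device "$work/sdX"
    if acquire_image "$work/sdX" "$work/evidence.dd" "$work/acquisition.log"; then
        cat "$work/acquisition.log"
        verify_image "$work/evidence.dd" "$work/acquisition.log" && echo "image verified"
    else
        echo "hash mismatch: acquisition is not sound" >&2
    fi
    rm -rf "$work"
fi
```

A mismatch between the before and after hashes of the source means the medium changed during acquisition (or was mounted read-write); a mismatch between source and image means the copy is incomplete or padded. Either way the image is not usable as evidence. For failing media, tools such as dc3dd or ddrescue give better control over bad-sector handling than plain dd, but the hash-before, hash-after, hash-image discipline is the same.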

Prerequisites

We encourage you to bring a laptop running Linux, either natively or in a virtual machine. An installation of Kali Linux is perfect. Please also download the material from https://www.circl.lu/services/forensic-training-materials/

Who benefits most from this training

  • Employees of the IT department
  • Local incident response teams
  • Anyone interested in IT security / DFIR

Requirement

Knowledge of operating systems and IT security is required

Duration

This is an 8-hour training.

What is included

  • Training material
  • Beverages
  • Light lunch

Overview of the room/facility

EternalBlue

Organiser(s) / Sponsor(s)


Request more information: info@circl.lu
