Target audience: IT or operational security teams
Duration: 1 day
Level: Knowledge of operating systems and IT security is required
Forensic Analysis is based on the assumption that everything leaves a trace behind. A trace in an information system can be any data that helps to identify space and time actions. Post mortem analysis is a key tool to discover and analyse security incidents. This course will teach the participant how to find answers to what has happened by analysing different layers from the physical medium to the file system up to the application level.
- Perform disk acquisition the right way
- Introduce to file system analysis (NTFS/FAT)
- Analyse operating system artifacts (MS Windows)
- Find evidences in communication applications (e.g. browser or chat history)
- Forensic correlation with threat intelligence platform like MISP
The two training sessions (19 December and 20 December) address the same content. Subscribing to both events is not encouraged.
The forensic challenge on 21 December is an invitation to every participant to use their acquired knowledge in a fun and challenging environment and address specific questions.
This training is free-of-charge but there is a no-show fee of 40,- EUR if you register and don’t join us for the training without cancellation.
We encourage you to bring a laptop running Linux, either natively or in a virtual machine. An installation of Kali Linux is perfect. Please also download the material from https://www.circl.lu/services/forensic-training-materials/
Who benefits most from this training
- Employees of the IT department
- Local Incident Response Team
- IT security/DFIR interested
Knowledge of operating systems and IT security is required
This is an 8 hours training.
What is included
- Training material
- Light lunch
Request more information : firstname.lastname@example.org