In-person training
DIGITAL FORENSICS 101
Technical training
As a cybersecurity professional, you might come across bad guys and deal with their attacks. When suspicious activity is detected, the investigation starts. It may turn into incident response, which raises questions such as: How and when did the attackers breach the systems? What kind of malicious activity have they performed, and what data has been compromised? Or there may already be another not-so-good guy in your organization (an insider threat, for example) who has exfiltrated your valuable secrets, and this activity needs to be investigated with all the consequences.
This is when digital forensics helps us with the investigation. It is not only about analysis; we should also keep in mind correct evidence collection and data acquisition. During the training, we will cover the whole process of digital forensics with explanations, practical hands-on exercises, and examples.
In short, the agenda includes an introduction to forensics, local and remote data acquisition, evidence handling, and processing. After that, be ready for data analysis focusing on the most important Windows forensic artifacts.
During the training, we will see and try several “almost free” tools such as KAPE, Velociraptor, Autopsy, ELK, Volatility, etc. After that, a final CTF-style challenge will be available to practice the covered content.
PREREQUISITES:
Participants should:
- be familiar with Windows OS
- have a computer with at least 16 GB of RAM, 40 GB of free space on HDD/SSD, and installed VirtualBox (64-bit edition)
  - Upon request, VMware images can be provided, too

USB flash drives with training material will be provided during the training.
DATE
16 May 2023
Duration: 8 hours (including lunch and 2x coffee breaks)
FORMAT
In-person training
TARGET AUDIENCE:
Cyber Security Specialists, Cyber Defense Analysts, Incident Responders, Blue Teamers, SOC Analysts, Threat Hunters