Black Hat Digital Self Defense Federal 2006
Trainiing

Note: if the class is overfilled, then you will be contacted should this occur.

training

Black Hat Federal Training 2006
Sheraton Crystal City • January 23-24

Course Length: 2 days

Cost: US $1800 by January 1, 2006 or US $2000 after January 1, 2006
All course materials, lunch and two coffee breaks will be provided. NOTE: A Certificate of Completion will be offered. You must provide your own laptop.

REGISTER NOW

Two Day Course

January 23-24

Digital Investigations: Practical Digital Forensic Analysis

the grugq

What to bring:
Students must supply their own laptop with a Linux installation, including X windows. This installation can be either native, or in VMware. The Linux installation must have at least 300 mb of free space.

The laptop should have a DVD drive.

Development tools (e.g. gcc, make, etc.) must be installed on the laptop, however no development experience is required. All tools will be provide on DVD-ROM.

Who Should Take this Course:

  • Corporate Security Officers
  • System Administrators
  • Law Enforcement Officers
  • Hackers

Key Learning Objectives

  • Gain an understanding of how forensic tools operate and function, allowing you to better utilize (and evade!) them
  • Understand the forensic process
  • Learn in-depth file system implementation details
  • Conduct a successful digital forensic investigation

Overview
The continuing increase in digital crimes spurs the demand for  effective digital forensic investigation skills. This course teaches how to conduct a successful digital forensic investigation, and builds a solid base of knowledge for further learning. Using a task-oriented approach, participants will learn digital forensic analysis techniques and methodologies which can be applied immediately. During the course, strong emphasis is placed on technical understanding and skills.

The core curriculum of the course revolves around multiple File System Intensive sessions, focusing on file systems used on both Windows and UNIX/Linux platforms such as NTFS and Ext2FS. These File System Intensives use a combination of lectures and task-oriented hands-on lab exercises to instruct and reinforce the deep, low-level, file system knowledge crucial for effective digital forensic analysis and investigations. The lab exercises will teach core skills, such as how to:

  • seize and preserve digital media
  • recover deleted files (both manually and with tools)
  • uncover evidence of tampering

Each File System Intensive concludes with a sample investigation, reinforcing the skills developed within the course and building an understanding of how to successfully conduct a real investigation.

As well as using specific forensic tools, such as The Sleuthkit, the File System Intensives  use standard file system tools to build familiarity with file system data structures. In addition, the Grugq's own forensic tool, PIZDATA, an interactive, programmable, file system analysis tool will be used extensively. PIZDATA allows forensic investigators to rapidly develop new tools, as well as share analysis scripts easily between investigators, and this course will teach how to develop PIZDATA based tools.

During the File System Intensive sessions, students will learn about the forensic analysis process, as well as the techniques and methodologies necessary for successful digital forensic investigations.

Materials
Students will be presented with the following materials to be used and referenced throughout the duration of the course:

  • Open Source forensic software on DVD-ROM
  • Case study file system images on DVD-ROM

Prerequisites
Students should be comfortable using Linux as an operating environment. Students must supply their own laptop with a Linux installation, including X windows. This installation can be either native, or in VMware. The Linux installation must have at least 300 mb of free space. Development tools (e.g. gcc, make, etc.) must be installed on the laptop, however no development experience is required. All tools will be provide on DVD-ROM.

ISC2 CISSP/SCCP CPE Credits
Students are eligible to receive 16 Continuing Professional Education (CPE) credits upon completion of class. Black Hat will automatically forward your information to ISC2.

Course Length: 2 days

Cost: US $1800 by January 1, 2006 or US $2000 after January 1, 2006
All course materials, lunch and two coffee breaks will be provided. NOTE: A Certificate of Completion will be offered. You must provide your own laptop.

REGISTER NOW

Trainer:

The Grugq has been at the forefront of forensic research for the last six years, during which  he has been pioneering in the realm of anti-forensic research and development. During this time, he has also worked with leading IT security consultancies and a  major financial institution. Most recently he has been involved with an innovative security software development start-up company. Currently the director of gxlabs, an information security company, the grugq  continues his research on security, forensics and beer.

Black Hat Logo
(c) 1996-2007 Black Hat