
Computer Forensics & Incident Response For Investigators

Trustwave SpiderLabs | July 27-30





Computer Forensics & Incident Response for Investigators is a four-day, instructor-led course delivered by experienced investigators who have taught corporate incident response teams and law enforcement agencies globally. Anyone who wishes to learn computer forensics and incident response tools and methodologies, and who is actively involved in forensics investigations, will benefit from this course.

After completing this unclassified course, you will possess the skills necessary to successfully conduct a data breach investigation that adheres to a formal methodology, which will greatly increase the probability of the admissibility of evidence in a court of law and ultimately increase the chances of apprehending the intruder.

You will engage in hands-on labs and instructor-led demos of core competencies in a “real world” environment. The real world environment is made possible through the use of Virtual Machines (VMs). Each VM is pre-configured to mimic different Operating Systems (OSs), network environments and intrusion issues.

While formal prerequisites are not required, exposure to basic computer and networking fundamentals, experience working within the Microsoft Windows family of operating systems, and familiarity with basic computer security terms and concepts will assist you.


None, although previous forensics experience/knowledge will be useful

What Students Will Be Provided With

What Students Should Bring

Students must furnish their own laptop running a version of Microsoft Windows. VMware Workstation or Server will also be required in order to participate in the hands-on labs. Laptops should have at least 20GB of free space.


Chris Pogue leads the Trustwave SpiderLabs team for the Western United States, as well as all Government, Law Enforcement, and physical security projects. The team works with a wide variety of engagements including network penetration testing, application penetration testing, physical security testing, forensic investigations of unauthorized access, data breaches, credit card theft/fraud, mobile device forensics, and enterprise incident response. The team also provides forensic and incident response training to corporate security teams as well as law enforcement agencies at all levels.

Prior to joining Trustwave in November 2008, Chris served in the United States Army for thirteen years in the Field Artillery and Signal Corps as a Warrant Officer in addition to working as a Cyber Security Instructor and Digital Forensic Investigator. After leaving the military, Chris joined the IBM Internet Security Systems (ISS) X-Force where he remained for five years, ultimately becoming one of three Incident Response Engagement Managers.

Among his many achievements, Chris was the original creator of the forensic methodology known as Sniper Forensics, a method that is quickly emerging as the industry standard among users including the Federal Bureau of Investigation and the United States Secret Service. Additionally, in 2010, Chris was named as a SANS Thought Leader. Since its introduction in 2007, only 41 security professionals have been awarded this distinction.

Chris holds a full range of professional certifications including: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Reverse Engineering Analyst (CREA), SANS GIAC Certified Forensic Analyst (GCFA), and Payment Card Industry Qualified Security Assessor (QSA). He also plays a leading role in a number of industry-relevant organizations which include the Consortium of Digital Forensics Specialists (CDFS), United States Secret Service Electronic Crimes Task Force (USSS ECTF) and the International Association of Chiefs of Police (IACP). Chris is the primary author of Unix and Linux Forensic Analysis by Syngress and the author of the award-winning blog, The Digital Standard.

Chris has a Bachelor of Science degree in Applied Management from Grand Canyon University and a Master of Science degree in Information Security from Capella University, as well as an active Top Secret (TS/SSBI) clearance.