TRAININGS

Forensic Extrem – Special Edition

Incident Handling & IT Forensics in the Enterprise

Instructors: Marco Lorenz and Florian Mahlecke

Content:
This training course introduces current technical methods of IT forensics and incident handling.

Using a variety of case examples, the course discusses the proper procedure to follow when there is suspicion of a hacking intrusion, data abuse, data theft, data deletion or unauthorized use of company communication systems.

Each participant will learn how to look for traces in IT systems and how to preserve and interpret them, through many exercises that can be followed on a notebook provided for the course. Each participant will receive a tool set for live analysis that includes, among other things, collection and analysis tools not previously available. In dead analysis, established commercial products will be introduced and used in addition to freely available tools.

Live analysis focuses on the collection and analysis of volatile data from running systems, looking at kernel components, network status and main memory as well as the virtual memory of individual processes. In contrast to the well-known methods of hard disk analysis, advanced methods are used here to gather information for identifying malware (worms, trojans etc.) and kernel rootkits, for reproducing code injection attacks, or for extracting general data directly from memory (images, documents etc.).

Dead analysis focuses on the collection and analysis of persistent data. Participants will be familiarized with the creation of hard disk images, the evaluation of file system metadata, the handling of various file systems (NTFS, ext3, etc.), the recovery of deleted data and the evaluation of log files.

Topic areas: 

  • Collect and preserve volatile data
  • Main memory and process memory analysis
  • Find and analyze rootkits
  • Find and analyze malware
  • Find and analyze backdoors
  • Find and analyze code injection attacks
  • Create data media images
  • Analyze file system meta information
  • Recover deleted data
  • Evaluate log files
  • etc.

Operating systems covered: Windows, Linux, Unix 

Target group:
Administrators, security officers, CERT teams, company investigators

Prerequisites:
Basic knowledge of Windows, Linux and Unix. Knowledge of attack methods and hacking techniques is beneficial.

Price: 2,000,- Euro 

Date: February 10th to 11th 2014, the two days before the IT-Defense conference.

The training is conducted in the German language by two experienced trainers. 

Information on the regular dates of the "Forensic Extreme" training and further information can be found here.

Location:
Hilton Cologne Hotel
Marzellenstrasse 13–17
50668 Köln, Germany
Phone: +49 (221) 130710
Fax: +49 (221) 130720
E-Mail: info.cologne(at)hilton.com
www.hilton.de/koeln