Workshop Title: Intro to Digital Forensics
Date/Time: Saturday, March 25, 2017. 1:00p – 4:30p
This is a hands-on workshop where you will put into practice those things you may have read about or covered in a class. This is also a great opportunity to meet other like-minded women and to keep your skills fresh if you're a veteran!
Computer Forensic specialists examine data collected in storage and in transit to solve mysteries. They must know how data is stored, how it is transmitted, and how to interpret the data found to support criminal prosecutions, resolve legal disputes, respond to security incidents, and understand malware behavior. This session will review how data is stored on a small thumb drive using flash storage media. During class the student will learn and practice how to identify and recover deleted data and fragments of files previously existing on computer media.
Level 100 courses are designed for students with little to no previous IT Security experience, or no experience in the topic(s) being covered. These courses are meant to be introductory level, or provide the training for entry level certifications.
Level 200 courses are designed for students with some security experience, looking to advance or learn in new topics.
Level 300 courses are designed to offer expert level courses and training on specific topics. Typically, a general understanding and knowledge of the topic being presented is an expected prerequisite.
**No one is excluded from attending a course at a level higher than their current experience. However, the course will move at the pace designed for the level of the course.
Where do I fit? See full description here
In this workshop will review the FAT file system used to store data on removeable thumb drives, and attendees will use that knowledge to recover data previously deleted from a forensic image of a thumb drive. The techniques learned are used in digital forensic investigations to recover evidence in criminal prosecutions, litigation, or to recover data thought to be lost. Practice of the manual techniques also empower students to test the accuracy of commercial GUI forensic tools.
Objectives – What You Will Leave Knowing
What happens to data when files and directories are “deleted”
Does formatting a drive really “erase” the data?
How can data be recovered once it has been deleted?
What do the dates and times mean?
What if only fragments of an old file exist?
How can examiners exercise caution in interpreting and explaining forensic artifacts.
Kristi Horton founded Horton Innovations, LLC. She has previously supported cyber threat intelligence and collaboration as part of the Information Sharing and Analysis Center (ISAC) community, lead the cyber threat intelligence program for a top 10 US financial institution, founded a commercial digital forensic practice for a Fortune 500 firm, developed new courses, training modules, and exercises in cybersecurity, intelligence, and digital forensics, has developed assessments, and has served as an evaluator and coach for forensic professionals. Kristi has also participated in a variety of presentations, panel discussions, and developmental training for intelligence analysts on topics ranging from “What is Intelligence,” to “Applying Analytic Tradecraft to Overcome Bias.” Kristi earned both her BS and MS from Virginia Polytechnic Institute and State University.
Prerequisites – What You’re Expected to Know
- Basic knowledge of Windows Operating system
12:30 - 1:00 Set-up
1:00 - 4:30 Training
Laptop, 4GB RAM, the more RAM, the better.
Windows machine only, native or virtual. Microsoft offers trial versions. Must have admin rights to your laptop!
Office software for note taking and documenting evidence.
Install FTK Imager
The link to download the image and materials will be sent to you once you've registered.
Remote and Male Associate Member Participation:
Once registered, you'll receive the meeting participation info by email the day before the workshop. Expect to join 15-30 minutes prior to test your technical configurations. It’s recommended that you have a 2nd monitor to view the screen-sharing.
Full/Student/Military Member: $60
Associate Member and Remote Attendee: $35
12110 Sunset Hills Rd #600, Reston, VA 20190
WE ONLY HAVE ROOM FOR 20 ONSITE, SO REGISTER EARLY!
Free Parking. Metro accessible - Spring Hill Metro Station