Print Page   |   Contact Us   |   Sign In   |   Register
[Workshop] Intro to Digital Forensics - Part 1 of 3
Tell a Friend About This EventTell a Friend
 

2/17/2018
When: Saturday, February 17
1:00 pm - 5:30 pm
Where: ITPG Office
1964 Gallows Rd Suite 310
Vienna, Virginia  22182
United States
Contact:


Online registration is closed.
« Go to Upcoming Event List  

Workshop Title: Intro to Digital Forensics

Date/Time: Saturday, February 17. 1:00p – 5:30p

 

Introduction

Part of this workshop will be hands-on and part of this workshop will be lecture style.  Kristi will begin with an overview of digital forensics, the different fields and situations where it is used.  The different specialties that can be found in the field and some of the legal and technical pitfalls to avoid for those seeking to learn.  Kristi will bring some examples of the results of forensic analysis in recent events and will demonstrate some curious computer behavior that might surprise people once they view the results forensically.  

Computer Forensic specialists examine data collected in storage and in transit to solve mysteries.  They must know how data is stored, how it is transmitted, and how to interpret the data found to support criminal prosecutions, resolve legal disputes, respond to security incidents, and understand malware behavior.  This session will review how data is stored on a small thumb drive using flash storage media.  During class the student will use commonly available tools to observe what really happens when data is deleted, when a drive is formatted.  Students will understand why forensic professionals must validate tools, equipment, and the claims of vendors when conducting forensic analysis.  here you will put into practice those things you may have read about or covered in a class. This is also a great opportunity to meet other like-minded women and to keep your skills fresh if you're a veteran!


 

Level: 100

Level 100 courses are designed for students with little to no previous IT Security experience, or no experience in the topic(s) being covered.  These courses are meant to be introductory level, or provide the training for entry level certifications.

 

Level 200 courses are designed for students with some security experience, looking to advance or learn in new topics.

 

Level 300 courses are designed to offer expert level courses and training on specific topics.  Typically, a general understanding and knowledge of the topic being presented is an expected prerequisite.  

**No one is excluded from attending a course at a level higher than their current experience.  However, the course will move at the pace designed for the level of the course.

Where do I fit? See full description here 

 

Topic Details:

In this workshop will review the FAT file system used to store data on removeable thumb drives, and attendees will use that knowledge to recover data previously deleted from a forensic image of a thumb drive.  The techniques learned are used in digital forensic investigations to recover evidence in criminal prosecutions, litigation, or to recover data thought to be lost.  Practice of the manual techniques also empower students to test the accuracy of commercial GUI forensic tools.  

 

Objectives – What You Will Leave Knowing

What happens to data when files and directories are “deleted”

Does formatting a drive really “erase” the data?

How can data be recovered once it has been deleted?

What do the dates and times mean?

What if only fragments of an old file exist?

How can examiners exercise caution in interpreting and explaining forensic artifacts. 

 

Bio:

Kristi Horton founded Horton Innovations, LLC.  She has previously supported cyber threat intelligence and collaboration as part of the Information Sharing and Analysis Center (ISAC) community, lead the cyber threat intelligence program for a top 10 US financial institution, founded a commercial digital forensic practice for a Fortune 500 firm, developed new courses, training modules, and exercises in cybersecurity, intelligence, and digital forensics, has developed assessments, and has served as an evaluator and coach for forensic professionals. Kristi has also participated in a variety of presentations, panel discussions, and developmental training for intelligence analysts on topics ranging from “What is Intelligence,” to “Applying Analytic Tradecraft to Overcome Bias.” Kristi earned both her BS and MS from Virginia Polytechnic Institute and State University.

Prerequisites – What You’re Expected to Know

  •  Basic knowledge of Windows Operating system

 

Agenda:

1:00 - 1:30 Set-up

1:30 - 5:00 Training 

5:00 - 5:30 Q &A, Wrap up

 

Requirements:

Laptop, 4GB RAM, the more RAM, the better. 

Windows machine only, native or virtual.  Microsoft offers trial versions.  Must have admin rights to your laptop!

Office software for note taking and documenting evidence.

Install WinHex 

Install FTK Imager

The link to download the image and materials will be sent to you once you've registered.

 

Remote and Male Associate Member Participation:

Once registered, you'll receive the meeting participation info by email the day before the workshop. Expect to join 15-30 minutes prior to test your technical configurations. It’s recommended that you have a 2nd monitor to view the screen-sharing.

 

Cost:

Full/Student/Military Member: $80

Associate Member and Remote Attendee: $35

Non-Member: $120

 

Location:

ITPG 1964 Gallows Rd Suite 310 Vienna, VA 22812

WE ONLY HAVE ROOM FOR 20 ONSITE, SO REGISTER EARLY!

RELATED PRODUCTS
Community Search
Sign In


News & Press
Calendar
Online Surveys