Track 3 is a hands-on track devoted to Windows Forensics, Live IR and Mobile Device Forensics.
The subjects will be taught in a hands-on environment in a computer laboratory. World class speakers from around the world have been invited to teach the following:
- Windows forensics using X-Ways Forensics
- Windows Forensics using FTK 2
- Windows Registry Forensics
- Defeating anti-forensics techniques
- Mobile device forensics
- Phone handset memory dumping and analysis
- Forensic Challenge
The labs will start after the keynote speech on Day 1 and will run until just before the closing ceremony & forensic challenge awards at the end of Day 3.
Agenda:
Day 1 - Wednesday 12th December 2007
| 1100 - 1230 |
Lab 3.1 - Mr.Harlan Carvey |
Windows Forensics - Registry Analysis |
| 1230 - 1400 |
Lunch sponsored by Microsoft in Graduate House 2/F |
| 1400 - 1530 |
Lab 3.1 - Mr.Harlan Carvey (cont.) |
Windows Forensics - Registry Analysis |
| 1530 - 1600 |
Coffee Break
|
| 1600 - 1730 |
Lab 3.1 - Mr.Harlan carvey (cont.) |
Live Analysis of Windows Systems |
Day 2 - Thursday 13th December 2007
| 0900 - 1030 |
Lab 3.2 - Mr. Stefan Fleischmann |
Forensics lab using X-Ways Forensics Tool |
| 1030 - 1100 |
Coffee Break |
| 1100 - 1230 |
Lab 3.2 - Mr. Stefan Fleischmann (Cont.) |
Forensics Lab using X-Ways Forensics Tool |
| 1230 - 1400 |
Lunch sponsored by Microsoft in Graduate House 2/F |
| 1400 - 1530 |
Lab 3.3 - Mr. Keith Lockhart |
Forensics hands-on lab using brand new FTK Version 2 |
| 1530 - 1600 |
Coffee Break
|
| 1600 - 1730 |
Lab 3.3 - Mr. Keith Lockhart (cont.) |
Forensics hands-on lab using brand new FTK Version 2 |
Day 3 - Friday 14th December 2007
| 0900 - 1030 |
Lab 3.4 - Mr. Anthony Reyes
|
Advanced use of ProDiscover for Live Forensic Analysis |
| 1030 - 1100 |
Coffee Break |
| 1100 - 1230 |
Lab 3.4 - Mr. Anthony Reyes (cont.) |
Advanced use of ProDiscover for Live Forensic Analysis |
| 1230 - 1345 |
Lunch sponsored by Microsoft in Graduate House 2/F |
| 1345 - 1500 |
Lab 3.5 - Mr.Ricci Ieong |
Law Enforcement lab only - live forensics |
| 1500 - 1515 |
Coffee Break
|
| 1515 - 1630 |
Lab 3.5 - Mr.Ricci Ieong (Cont.) |
Law Enforcement lab only - live forensics |
From 1630 onwards is the closing address, forensic challenge prize giving and lucky draw in the Graduate House theatre
|