Track 4 is a hands-on track devoted to Linux forensics, open source tools and techniques, and mobile device forensics.
The subjects will be taught in a hands-on environment in a computer laboratory. World-class speakers from around the world have been invited to teach the following:
- Using Sleuthkit and Autopsy Forensic Tools
- Linux Forensics
- Live Forensics using Linux
- Using PyFlag forensic tool
- Log file analysis using Linux
- Mobile Device Forensics
- Mobile device handset memory dumping & analysis
The labs will start after the keynote speech on Day 1 and will run until just before the closing ceremony & forensic challenge awards at the end of Day 3.
Agenda:
Day 1 - Wednesday 12th December 2007
| 1100 - 1230 |
Lab 4.1 - Dr. Michael Cohen |
Using open source forensic tool PyFlag for large scale forensic examinations |
| 1230 - 1400 |
Lunch sponsored by Microsoft in Graduate House 2/F |
| 1400 - 1530 |
Lab 4.1 - Dr. Michael Cohen (cont.) |
Using open source forensic tool PyFlag for large scale forensic examinations |
| 1530 - 1600 |
Coffee Break |
| 1600 - 1730 |
Lab 4.1 - Dr. Michael Cohen (cont.) |
Using open source forensic tool PyFlag for large scale forensic examinations |
Day 2 - Thursday 13th December 2007
| 0900 - 1030 |
Lab 4.2 - Mr. Thomas Rude |
The field of Data Forensics is rapidly expanding. No longer are practitioners facing a single hard drive in a single PC when on-site.
It's not uncommon to find multiple hard drives and multiple PCs and other data storage devices on-site nowadays. This hands-on lab will focus on the art of previewing data on-site, including: why previewing may be faster than blind acquisition and analysis, what to look for when previewing, and how to safely preview data using bootable Linux CDs.
Specific focus on previewing will be with THE FARMER'S BOOT CD (FBCD), the first forensic CD designed and optimized for previewing data quickly in a forensically sound manner. |
| 1030 - 1100 |
Coffee Break |
| 1100 - 1230 |
Lab 4.2 - Mr. Thomas Rude (Cont.) |
The role of Linux Based Live Boot CDs in Forensics |
| 1230 - 1400 |
Lunch sponsored by Microsoft in Graduate House 2/F |
| 1400 - 1530 |
Lab 4.3 - Mr. Andrew Rosen |
Effective Forensics using SMART in a Linux environment |
| 1530 - 1600 |
Coffee Break |
| 1600 - 1730 |
Lab 4.3 - Mr. Andrew Rosen (Cont.) |
Effective Forensics using SMART in a Linux environment |
Day 3 - Friday 14th December 2007
| 0900 - 1030 |
Lab 4.4 - Mr. Kevin Mansell |
Mobile Device Forensics |
| 1030 - 1100 |
Coffee Break |
| 1100 - 1230 |
Lab 4.4 - Mr. Kevin Mansell (Cont.) |
Mobile Device Forensics |
| 1230 - 1345 |
Lunch sponsored by Microsoft in Graduate House 2/F |
| 1345 - 1500 |
Lab 4.5 - Mr. Steve Hirst |
4.5 - Mobile handset memory dumping and analysis
I. Traditional methods
A. Strengths
B. Weaknesses
II. Accessing the physical memory of phones
A. Equipment
B. Theory
C. Examples
D. PMs and Absolutes
III. Decoding (hands on)
A. Nokia S30 Contacts
B. PDU
C. Calendars
Abstract: Students attending this lab will learn about the theory and application of accessing the physical memory of handsets. Students will get hands-on practice decoding the output of the memory dump, theory on further research and development strategy, and advice on tools to use for decoding. |
| 1500 - 1515 |
Coffee Break |
| 1515 - 1630 |
Lab 4.5 - Mr. Steve Hirst (Cont.) |
4.5 - Cont. |
From 1630 onwards is the closing address, forensic challenge prize giving and lucky draw in the Graduate House theatre |