Recent Advances in Memory Forensics Workshop

28 December 2013, Sat, 9:30 am – 12:30 pm

Venue: The Electronic Crime Investigation Centre, 24th Floor, Customs Headquarters Building, 222 Java Road, North Point, Hong Kong

Outline:

The ability to perform digital investigations and incident response is becoming a critical skill for many IT security professionals. Conventional digital investigators have placed most of their effort on analyzing Windows artifacts found in the file systems of removable disks. However, they frequently lack the experience and knowledge to take advantage of the volatile artifacts identified in memory. This workshop will demonstrate how memory forensics is critical for the digital investigation process and how investigators can gain the upper hand. The workshop will give you an opportunity to practice using these invaluable tools from the researchers who pioneered the field.

Early this year, our member Frankie Li presented his forensic analysis of Mandiant's APT1 Report. In this event, Frankie will share what he learnt from the Volatility training and give us his view on this important advancement in memory forensics.

Pre-requisites:

- Attendees should have some experience with the Volatility Framework and a good working knowledge of Windows operating systems and Linux commands
- Prior reading of materials related to the Windows kernel will give attendees the best opportunity to understand the material in full
- Basic knowledge of the Python scripting language is important for analyzing the Framework

Who Should Attend:

- Members of ISFS
- Law Enforcement
- Security Professionals and Individuals who are concerned with incident response

Equipment Required:

- Participants should bring their own laptops installed with VMware or VMFusion
- Hard disk with free space of 10G-15G for a virtual machine and tools

Fee: Free of charge, but open only to members of ISFS and members of invited societies

Registration and Enquiry: Due to limited space at the venue, pre-registration is required. Please send your full name and telephone number by email to Ms Catherine Chan at [email protected] on or before 20 December 2013.

Suggested readings and online materials before the workshop:

- Volatility Cheat Sheet
- Volatility Map (enclosed)
- Books: Windows Sysinternals Administrator's Reference, Windows Internals 6 (part 1 & 2) and Malware Analyst's Cookbook and DVD
- http://www.codemachine.com