I'd like to thank everyone for coming to my talks at Enfuse 2016. As promised, here are the materials for the course. I ask that you don't redistribute the materials elsewhere. You must use the password given to you in class, and the link will expire in 30 days:
https://www.dropbox.com/sh/j5svwjm7kse28i3/AACBTcZQYPgikxYPx_c3E7Apa?dl=0
For those who were asking about other available memory samples, we have several available on the Volatility Wiki. We also have memory samples available from our training website, as well as a lab guide and answer sheet for those of you who asked about using memory samples for your college course materials.
As always, feel free to send me an email if you have any Volatility issues or questions.
Showing posts with label CEIC. Show all posts
Wednesday, May 25, 2016
Enfuse Materials
Labels:
CEIC,
conferences,
Enfuse,
forensics,
memory,
volatility
Thursday, January 29, 2015
Some Updates
Wow, it's been a while since I've written here. A lot has happened since, however. Here are a few updates:
The Book
We released a book: The Art of Memory Forensics. For those of you who are considering teaching memory forensics or even operating systems, we have a syllabus and evidence files on our website that you may use in your classes.
Trainings
We have several trainings in line for this year, public and private. Public trainings currently include:
- Reston, VA April 13th-17th 2015
- New York, NY May 11th-15th 2015
- Amsterdam, NL August 31st-September 4th 2015
Talks
I'll be speaking at the upcoming CEIC conference in Las Vegas, on Wednesday May 20th 2015. Apparently there is a discount code if you register before January 31st: JANS4v15
The Volatility team will also give another talk at NYC4SEC during the week of the training in NYC this coming May. More details will be given for that talk soon.
Labels:
CEIC,
conferences,
forensics,
nyc4sec,
talks,
volatility
Tuesday, May 25, 2010
Very Briefly: CEIC
Some people have asked me about CEIC. I will not be attending this year unfortunately. I hope those of you who are currently there are having a blast though :-)
Sunday, May 31, 2009
CEIC materials
I would have had this up sooner, but I was out of town last week and the week before was the conference... Anyway, I promised I would post the slides and supporting files for my CEIC classes. I don't have the slides for the foreign language talk, but I didn't promise to give those out ;-)
How to Address ESI Involving Encryption from Disk Level to Individual Files with David Lyman [ppt | pdf]
Spoofing/hacking/memory analysis talk [pdf]
Here is the ARP spoofing Perl script we used and some of you requested: [arpspoof.pl]. You must install Nemesis for the script to work, or you can modify it to use another packet crafting program. Also, depending on the distro, you might have to modify the path for the arp command (for Fedora it is /sbin/arp). Anyway, you should be able to modify it on your own.
Also, we used Wireshark and Backtrack 4.
For those of you who would like more VM machines to hack into you can go to de-ice.net.
The agenda had changed somewhat for the second talk, since I had taken the class over from someone else at the last second. I would like to thank Prof Bilal Khan for all of his help and his donation of the vulnerable VM :-) Parts of this lab are representative of some of the courses in the Forensic Computing graduate program at John Jay College.
I would also like to thank AAron and Moyix from the Volatility community for their insight as well.
CEIC was a lot of fun, I met a lot of interesting people and had a blast ;-)
Labels:
CEIC
Monday, April 20, 2009
Briefly: CEIC 2009
I will attend and present at the CEIC conference in Orlando, FL. The agenda is available online and it looks like there will be a lot of interesting talks/labs to see and participate in. It should be fun.