Michael Solomon - DFIR Against the Digital Darkness: Forensicating Evil

Fri Aug 12 2022 at 09:00 am to 01:00 pm

Harrah's Las Vegas | Las Vegas

DEF CON WORKSHOPS
Publisher/Host: DEF CON WORKSHOPS
Friday AM - Reno
Michael Solomon - DFIR Against the Digital Darkness: An Intro to Forensicating Evil
About this Event

Ever wondered what it is like being a cybersecurity or incident response analyst? Are you new to investigation, or do you want to take your analysis to the next level? If you answered yes, here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityN3rd. In today's threat landscape, malware continues to be used by various types of threat actors. Using forensic and malware analysis fundamentals, this class teaches students how to investigate a compromised Windows system.

Upon successful class completion, students will be able to:

  • Build analysis skills that leverage complex scenarios and improve comprehension.
  • Practically acquire data in a forensically sound manner.
  • Identify common areas of malware persistence.
  • Gather evidence and create a timeline to characterize how the system was compromised.
  • Participate in a hand-to-keyboard combat capstone. Students are given an image of a compromised Windows system and demonstrate how to analyze it.

Pre-requisites:

  • Although no prerequisites are required, experience with using virtual machines will be helpful.

Materials or Equipment Required:

  • Students will be required to download a virtual machine (OVA file). Students will be given a URL for download access.
  • The downloaded virtual machine should be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.
  • Students must have a laptop that meets the following requirements:
      • A 64-bit CPU running at 2 GHz or more. The students will be running a virtual machine on their host laptop.
      • The ability to update BIOS settings. Specifically, enable virtualization technology such as "Intel-VT."
      • The student must be able to access their system's BIOS if it is password protected, in case changes are necessary.
      • 8 GB (gigabytes) of RAM or higher
      • At least one open and working USB Type-A port
      • 50 gigabytes of free hard drive space, allowing you to host the VMs we distribute
      • Students must have Local Administrator access on their system.
      • Wireless 802.11 capability
      • A host operating system that is running Windows 10+, Linux, or macOS 10.4 or later.
  • Virtualization software is required. The supplied VM has been built for out-of-the-box compatibility with VMware Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.
  • At a minimum, the following VM features will be needed:
      • NATted networking from VM to Internet
      • Copy and paste of text and files between the host machine and VM

Event Venue & Nearby Stays

Harrah's Las Vegas, 3475 South Las Vegas Boulevard, Las Vegas, United States

Tickets

USD 0.00