Sign in for Hoffmann Advanced Forensic Sessions
Hoffmann Advanced Forensic Sessions
The main difference with other forensic courses is that the Sessions are given by experts with a worldwide reputation and that the number of participants is limited to twenty-five persons at most.
The focus of the Advanced Forensic Sessions is on the techniques instead of the tools. Besides the intensive study program there will be time for relaxation and knowledge exchange during the week.
Participants
The Hoffmann Advanced Forensic Sessions are aimed at experienced digital forensic investigators, incident response professionals or technical IT auditors. No distinction will be made between Law Enforcement specialists and experienced corporate investigators.
Contents
The Advanced Forensic Sessions consist of four sessions:
Session 1 - Image Forensics by instructor/expert Nasir Memon on Monday 22th November 2010.
|
Course contents Session 1 – Advanced Image Forensics |
|
Recovery of image evidence · Advanced image carving techniques. Smartcarving. (Basic carving knowledge is assumed). |
|
Searching image evidence · Skin tone detection, face detection and face recognition. |
|
Attributing image evidence · Exif information, internet artifacts, camera identification based on image pipeline. |
|
Authenticating image evidence · Copy/move forgeries, statistical detection and image pipeline based authentication |
|
Hands-on |
|
Course material (course reader and software) |
Session 2 – Advanced Mobile Phone and Database Forensics by instructor/expert Hans Henseler on Tuesday 23th November 2010.
|
Course contents Session 2 – Advanced Mobile Phone and Database Forensics |
|
Mobile Phone Forensics · Software for copying and analyzing internal flash memory of a Symbian Phone · Use of mobile flasher boxes for forensic mobile phone analysis |
|
Database Forensics · Data analysis on structured information in financial databases |
|
Data Visualization · Discover patterns in large e-mail collections |
|
Hands-on |
|
Course material (course reader and software) |
Session 3 – Offensive malware forensics by instructor/expert Guido Smit on Wednesday 24th November 2010.
|
Course contents Session 3 - Offensive malware forensics |
|
Offensive forensics |
|
Intro reverse engineering · X86 assembly basics · Reversing tools, from systinternal tools to advanced (IDA Pro, OllyDBG · Reversing on *Nix |
|
Advanced OllyDBG |
|
Reversing for fun and profit: software cracking, patching serial generators |
|
Monitoring tools: keyloggers, (wifi)sniffers, screenshot loggers |
|
Avoiding Anti-Virus detection |
|
Search Anti-Virus signatures in binaries, patching and inline patching |
|
Buffer overflows / shellcode Privilege escalation techniques Metasploit / AutoPwn |
|
Deploying · Attack vectors · Social engineering · Enumeration and scanning |
|
Hands-on |
|
Course material (course reader and software) |
Session 4 – Ad-hoc file system forensics by instructor/expert Andreas Schuster Thursday 25th and Friday 26th November 2010.
|
Course contents Session 4 – Ad-hoc file system forensics |
|
Physical disk examination:
· Physical disk parameters (CHS and LBA addressing, with demo)
· Protected areas (HPA and DCO)
· Acquisition tools and techniques (with demo)
· RAID headers (only briefly mentioned, RAID reconstruction is problem of its own)
Volume examination:
· Master Boot Record / partition table
· GUID Partition Table (GPT)
· Tools (Testdisk, TSK)
· Exercises |
|
File system examination:
· File system layout information
· File name information
· File metadata
· File content |
|
Examine an unknown FS
· Examine the disk
· Isolate the volume
· Statistical analysis of the volume
· Shannon's Entropy
· Chi Square Goodness of Fit Test
· Hamming Weight
· Other techniques
· Guess mime/file type at block boundaries
· Dissect the volume, analyse parts
· Search for repeating patterns
· Identify file name information
· Tools (SQLite, GnuPlot)
· Determine block size
· Connect file name layer with content layer
· Connect file name layer with FS layout information
· Draft analysis tools
· 010 Editor
· Python (using construct and/or Hachoir)
|
|
Hands-on: Analyze real-world case, 40 GB disk image provided |
|
Course material (course reader and software) |
Where and when
Location: Luidsprekerstraat 10 in Almere, The Netherlands
Date: 22th to 26th November 2010
Hours: From 09.00 to 17.00 hrs.
Registration and information
The costs of these exclusive Sessions are € 1.850,-- (excluding VAT) for the entire week (including lunch and social event on Thursday).
Because the number of participants in these exclusive sessions is limited to twenty-five, make sure you register in time by using the online registration form.
You can contact us on our telephone number: (00 31) (0)36-52 33 070. For more specific information on the contents of the Sessions ask for Robert-Jan Mora. To register please contact Fabiola Schaap.
- Hoffmann Advanced Forensic Sessions March 2009 review In March 2009 Hoffmann held its first Advanced Forensic Sessions. The sessions consisted of lectures and workshops that were given by the following recognized international forensic experts: Lance Mueller, Remon Verkerk, Joachim Metz, Bas Kloet, Robert-Jan Mora and Andreas Schuster. The Sessions started on Monday 16th March and ended on Friday 20th March. Read the complete review...