Sign in for Hoffmann Advanced Forensic Sessions
Hoffmann Advanced Forensic Sessions
The main difference with other forensic courses is that the Sessions are given by experts with a worldwide reputation and that the number of participants is limited to twenty-five persons at most.
The focus of the Advanced Forensic Sessions is on the techniques instead of the tools. Besides the intensive study program there will be time for relaxation and knowledge exchange during the week.
Participants
The Hoffmann Advanced Forensic Sessions are aimed at experienced digital forensic investigators, incident response professionals or technical IT auditors. No distinction will be made between Law Enforcement specialists and experienced corporate investigators.
Contents
The Advanced Forensic Sessions are made up of four sessions:
Session 1 – Advanced Office File Forensics by instructor/expert Bas Kloet and Joachim Metz on Monday 16th November 2009.
| Course contents Session 1 - Office File Forensics |
| File Forensics basics |
| Microsoft Outlook and the PST file format and artifacts |
| Microsoft Word and Excel document properties and artifacts |
| Behavior analysis and artifacts |
| Hands-on |
| Course material (course reader and software) |
Session 2 – Mac & iPhone Forensics by instructor/expert Remon Verkerk on Tuesday 17th November 2009.
| Course contents Session 2 - Mac & iPhone Forensics |
| Mac OS Fundamentals (a.o. files & forks, partitioning & filesystems) |
| Imaging a Mac, different approaches for different circumstances |
| Image Types (a.o. File Vault) |
| Data & Application Analysis (a.o. logfiles, Safari, Mail, spool files) |
| iPhone Forensics (a.o. stored data, backups, Zdziarski method) |
| Hands-on |
| Course material (course reader and software) |
Session 3 - Advanced File Carving by instructors/experts Bas Kloet and Robert-Jan Mora on Wednesday 18th November 2009.
| Course contents Session 3 - Advanced File Carving |
| File Systems |
| File Fragmentation |
| File Carving Techniques, handling linear and non-linear file fragmentation |
| Measuring File Carving Quality |
| Hands-on |
| Course material (course reader and software) |
Session 4 - Tools and techniques for Windows Memory Analysis by instructor/expert Andreas Schuster Thursday 19th and Friday 20th November 2009.
| Course contents Session 4 - Tools & techniques for Windows Memory Analysis |
| Intel x86 hardware platform |
| Random Access Memory |
| Addressing modes |
| Memory acquisition methods and tools |
| Hands-on: create Windows memory images |
| Microsoft Windows kernel architecture |
| Windows memory management |
| Kernel objects |
| Analysis techniques |
| Using the Volatility memory analysis framework |
| Hands-on: Analyze Windows memory images |
| Course material (course reader and software) |
Where and when
Location: Luidsprekerstraat 10 in Almere, The Netherlands
Date: 16th to 20th November 2009
Hours: From 09.00 to 17.00 hrs.
Registration and information
The costs of these exclusive Sessions are € 1.850,-- (excluding VAT) for the entire week (including lunch and social event on Thursday).
Because the number of participants in these exclusive sessions is limited to twenty-five, make sure you register in time by using the online registration form.
You can contact us on our telephone number: (00 31) (0)36-52 33 070. For more specific information on the contents of the Sessions ask for Robert-Jan Mora. To register please contact Fabiola Schaap.
- Hoffmann Advanced Forensic Sessions March 2009 review In March 2009 Hoffmann held its first Advanced Forensic Sessions. The sessions consisted of lectures and workshops that were given by the following recognized international forensic experts: Lance Mueller, Remon Verkerk, Joachim Metz, Bas Kloet, Robert-Jan Mora and Andreas Schuster. The Sessions started on Monday 16th March and ended on Friday 20th March. Read the complete review...
