IT Forensics for System Administrators 2
From Wednesday, 27 April 2022 (11:00) to Monday, 30 May 2022 (12:00)
Wednesday, 27 April 2022
11:00 - 12:00
IT Forensics for System Admins - CyberChef
Stefan Kelm (DFN-CERT)
Since its first release in 2017, CyberChef - described as "The Cyber Swiss Army Knife" - has quickly become one of the go-to tools for many IT security practitioners. CyberChef is a free, browser-based, open-source tool that supports hundreds of different "cyber operations" such as encoding, encrypting, compressing, converting, and analysing data. It is especially useful for malware analysts as well as forensic investigators. This webinar/live demo will demonstrate many of CyberChef's powerful capabilities as well as some of the less well-known operations.
Wednesday, 4 May 2022
11:00 - 12:00
IT Forensics - Memory Analysis Basics - First Steps
Klaus Möller (DFN-CERT)
Having obtained an image of the memory of a compromised system, what do you do with it? This part of the forensic process is called analysis, and this webinar will go through the first steps of analysing a memory image, looking into processes, network and temporary filesystems as well as some operating-system-specific artefacts, such as the Windows registry or the Linux Bash history.
Thursday, 12 May 2022
11:00 - 12:00
IT Forensics - Advanced Memory Analysis - Dealing with Malicious Code
Klaus Möller (DFN-CERT)
Malware that is otherwise compressed and encrypted on disk is usually unpacked and in cleartext in memory. Likewise, rootkits that conceal adversary activities can be found with relative ease in the memory image of a compromised system. This webinar will show some techniques to obtain malware that operates in common ways, such as DLL injection, malicious kernel modules, or system call table manipulation. To conclude the module, ways to extract suspicious code segments for further analysis are also shown.
Wednesday, 25 May 2022
11:00 - 12:00
IT Forensics - Persistent Storage Forensics I - Basics and First Steps
Tobias Dussa (DFN-CERT)
In this session, we will discuss the basic concepts of persistent storage forensics. Furthermore, some approaches with easy-to-use basic tools will be presented and demonstrated.
Monday, 30 May 2022
11:00 - 12:00
IT Forensics - Persistent Storage Forensics II - Advanced Approaches
Tobias Dussa (DFN-CERT)
In this session, more advanced analysis methods and tools will be discussed. Furthermore, these methods and tools will be demonstrated in practice with select case samples.