In this hands-on workshop, we will use multiple tools to identify services running on unknown systems, including their software package and version information. Network services to be targeted will include those running on non-standard ports or behind firewalls. After exploring the use of network scanning tools, we will switch our attention to analyzing website data by extracting website content and exploring its metadata. Attendees will be provided access to their own lab environment.
This workshop introduces students to the process of capturing a live RAM image and analyzing it using Volatility. Learners will explore several Volatility plugins for analyzing a Windows memory image, then analyze actual RAM images, including one with active malware.
This workshop introduces learners to the process of imaging and forensically analyzing disks, including finding artifacts such as deleted files. The Autopsy forensic browser will be used in addition to command-line programs from the open-source Sleuth Kit tool set.
Learners will explore forensic artifact concepts common to Windows computers, such as traces of user activity left behind on a computer even after the user logs out or the computer is shut down.
This workshop will explore file analysis techniques designed to identify hidden malware. The Cuckoo sandbox is used to detonate a suspicious executable so it can be analyzed for signs of malicious behavior. Additionally, the UPX and OllyDbg utilities are used to unpack a suspicious executable and further analyze its operation.