DFIR (Digital Forensic Incident Response)

ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.

DC919 Class: Digital Forensics and Incident Response
Have you ever wondered what it’s like being a security analyst? Now is your chance! DC919 will be hosting an introduction class on digital forensics and incident response. This class will arm you with the
knowledge needed to identify malicious threats and characterize their behavior.

This class is open to anyone that would like to participate or observe. If you plan to participate in the hands-on learning objectives, please ensure that you meet the requirements below.

Learning Objectives:
o Hostbased forensic acquisition
o How do we acquire evidence? What areas of the harddrive should I examine?
o Learn to make a full copy of a harddrive
o Learn how to create a custom content image and improve analysis time

o Intrusion forensics: Malware autostart persistence analysis
o You need to find malware in order to analyze it
o Identify common hiding spots for malware to survive a system reboot
o Learn how to spot malware hiding in plain sight

o Malware Analysis
o You’ve found your malware, now what?
o Learn the basic fundamentals of static code analysis
o Learn how to upload a malware sample and perform automated analysis

Requirements: This must be completed before class starts
o A setup guide has been made for this class. Please reference the
“DC919_Classroom_Prep_Guide” found here https://goo.gl/dRE7HX