Forensic Computing

This training is an applied forensic computing (aka. computer forensics or digital forensics) workshop, covering different techniques alongside with the explanation of the underlying principles and lots of hands-on exercises. The goal of this training is to provide the basic knowledge that is required whenever an incident has to be analyzed in a forensically sound manner and covers the techniques needed to cope with the majority of incidents.

The following topics will be covered in this training:

Forensic Computing as a Forensic Science
Digital Evidence: Theoretical Background and Classification
The Chain of Custody
The Order of Volatility: Persistant Evidence vs. Volatile Evidence
Harddisk Forensics: File Recovery - Carving vs. Logical Recovery incl. OpenSource Tools
NTFS Logical File Recovery Background and Application
Manual RAID Recovery and OpenSource Tools
Live Forensics: Smell the Smoking Gun
Memory Forensics Overview (this topic is covered more specifically in the “Incident Analysis”-WS)
Network Forensics Overview (this topic is covered more specifically in our TROOPERS17 “Incident Analysis” training.).

Requirements for this course:

Laptop with administrative privileges and VirtualBox installed
IT-Background
Important: Familiarity with Linux and Shell (only Linux command line tools used!)

About the Speaker

Andreas Dewald

Dr.-Ing. Andreas Dewald is working as an IT-Security Researcher at ERNW Research GmbH in Heidelberg and is an associated Post-Doc of the University of Erlangen-Nuremberg (FAU), where he worked as a researcher and lecturer from 2012 to January 2016 at the Chair for IT-Security Infrastructures. From 2013 to 2016, he led the Applied Forensic Computing research group after he finished his PhD in December 2012. Supervised by Prof. Dr.-Ing. Felix Freiling, his thesis was about the formalization of digital evidence and its embedding in forensic computing. Until October 2013, Andreas Dewald, from the FAU side, mentored the first German master’s degree program in Digital Forensics, which is run as a cooperation by the University of Applied Sciences in Albstadt-Sigmaringen. From 2009 to 2012, he worked as a research assistant at the University of Mannheim, where he had previously studied Computer Science. For his master’s thesis “Detection and Prevention of Malicious Websites” Andreas Dewald was awarded with the science prize from the German society for privacy and data security (GDD).