SANS's only dedicated European Digital Forensics event returns to Prague this October with its largest line-up to date. SANS Digital Forensics, Incident Response 2014 (DFIR) includes the one-day DFIR Summit that will be held on Sunday 5th October, consisting of industry talks and presentations from an expert panel. Either side of the summit, SANS is running 8 courses and an additional DFIR NetWars tournament.
Among the courses running for the first time at SANS DFIR 2014 is FOR518: Mac Forensic Analysis, offering digital forensic investigators the skills needed to broaden their analysis capabilities and obtain the confidence and knowledge to comfortably analyse any Mac or iOS system. As course instructor Hal Pomeranz explains, “Most investigators will come across an Apple or iOS device at some point in their careers and there are some major differences compared to Windows machines which are essential to understand to allow for successful forensics and evidence collection.”
According to Pomeranz, “Apple does not release a great deal of information around its operating systems and this course effectively assembles a lot of the insights and tools that researchers have gathered into a single source to help students quickly build skills that can be used in the real world.” The course also looks at forensic techniques for a number of Mac-specific technologies, including Time Machine, Spotlight, iCloud, Versions, FileVault, AirDrop, and FaceTime.
Pomeranz believes that there is still a major shortage of forensics investigators with skills around Apple-based technologies. The timing of the course is significant, following the recent announcement that IBM and Apple will be working together to offer a range of Apple-based business applications and communication solutions to enterprise customers.
Other new or extensively updated training courses at DFIR 2014 include:
FOR572: Advanced Network Forensics and Analysis provides the tools, technology, and processes required to integrate network evidence sources into investigations, with a focus on efficiency and effectiveness.
FOR526: Windows Memory Forensics In-Depth provides the critical skills necessary to proficiently analyze captured memory images and live response audits – critical for any serious investigator who wishes to tackle advanced forensic and incident response cases.
FOR585: Advanced Smartphone Forensics focuses on smartphones as sources of evidence, providing the necessary skills to handle mobile devices in a forensically sound manner, understand the different technologies, discover malware, and analyse the results for use in digital investigations.
SANS DFIR Prague 2014 also hosts four other popular courses:
FOR408: Windows Forensic Analysis focuses on the critical digital forensics knowledge of the Microsoft Windows operating system including collecting and analyzing data from computer systems to track user-based activity that can be used in internal investigations or civil/criminal litigation.
SEC504: Hacker Techniques, Exploits & Incident Handling is aimed at helping information security professionals understand attackers’ tactics and then design a comprehensive incident handling plan, including the legal issues associated with responding to computer attacks and Incident Handling.
FOR508: Advanced Computer Forensic Analysis and Incident Response has been updated to reflect a dramatic increase in sophisticated attacks against nearly every type of organization. Economic espionage in the form of cyber-attacks has proven difficult to suppress and the course is aimed at meeting these issues.
FOR610: Reverse-Engineering Malware teaches the practical skills necessary for examining malicious programs that target and infect Windows systems.
The Prague event will also host two sessions of DFIR NetWars “Tournament Play” held over two days and free for those taking training. DFIR NetWars is an incident simulator packed with a vast amount of forensic and incident response challenges, for individual or team-based “firefights.”
For more information and for early registration discounts, please visit: http://www.sans.org/event/dfir-prague-2014/