![[LWN Logo]](/images/lwn.banner.gif)
Date: Thu, 1 Jul 1999 14:07:36 -0400
From: Wietse Venema <wietse@PORCUPINE.ORG>
Subject: Dan & Wietse's Computer Forensics Analysis Class
To: BUGTRAQ@NETSPACE.ORG
Announcement of Free Full-Day Class on Computer Forensics & Analysis
*** Sponsored by IBM ***
TIME & LOCATION
Friday, August 6, 1999.
The class will last all day - 8 or more hours. Lunch and
refreshments will be supplied to all registered attendees.
Location: IBM T.J. Watson Research, Yorktown Heights, NY, USA.
For travel directions and lodging information, see the web site
at http://www.watson.ibm.com/menu.html.
The exact time schedule, location & logistics will be made
available to registered attendees.
INSTRUCTORS
Dan Farmer (Earthlink Network)
Wietse Venema (IBM T.J. Watson Research Center)
GENERAL OVERVIEW
Dan and Wietse are giving a free class on the topic of computer
forensics and systems analysis. In a series of case studies
we will analyze information left in the wake of an incident -
on the disk, memory, and elsewhere on a system.
The material will be illustrated with programs that we developed
for UNIX and LINUX systems.
Although the class will be very technical in nature, a basic
understanding of UNIX or LINUX processes and files should be
sufficient for most of the material that we will cover.
This class will be given only once. It will not be repeated,
and no recordings will be made.
CLASS TOPICS (selected, not exhaustive)
Securing and preserving the scene of the crime, recovering data
from deleted files and running processes, the volatility of
information, the canonical order of data gathering, uncertainty
of information, structured data versus raw, and traveling in
time by reconstructing the past from gathered information.
REGISTRATION NOTES & INFORMATION
Seating will be limited to approx. 150 persons. The class will be
filled in a more-or-less first come, first serve basis. In case
of space limitations priority will be given to law enforcement
personnel.
To register, send a FAX with your name, organization affiliation
(if any), and e-mail address to:
+1 914 784 6225
and request a position in the Computer Forensics & Analysis class.
You will receive an e-mail reply to confirm your registration.
*** YOU MUST HAVE A VALID EMAIL ADDRESS THAT WE CAN SEND A CONFIRMATION TO ***
There is no charge for the class, but *please* don't register
unless you are certain that you'll be able to attend, because
others will suffer if the class fills up.
Registration via email will be ignored, unless, of course, you
are a really important person and/or we owe you something, or
you can offer us something that we really want ;-)