Delivering training on Incident Response and Computer Forensics

I’m writing this post while seated on a train going from Birmingham’s International Airport to Banbury, a small town located in the heart of Oxfordshire. It’s only a 40-minute trip but I really enjoy it, especially if I have a good album to listen to (like that of The Script I’m listening to now), some coffee and the nice view of the English countryside I can see through the window right now.

I come to Banbury very often, like once every two or three months, most of the time to hold meetings with my team colleagues, to support ISO 27001 audits or to conduct onsite assessments. None of those are the main purpose of my visit this time. After delivering a new one-day session on Incident Response and Computer Forensics at my employer’s European offices in Leiden (the Netherlands), Bochum (Germany) and Warrington (UK), it’s now Banbury’s turn.

The goal of these sessions is to train our ICT staff on how to best react to security incidents while preserving volatile and non-volatile evidence, but at the same time to give them an overview of what Computer Forensics is all about, so they can understand the importance of handling digital evidence appropriately.

While I’ve run similar sessions in the past, I’m particularly happy with the new material that I’ve put together this time, and the feedback I’m getting from the people who have attended these sessions (more than 25 so far) confirms that.

I can’t give much detail on its content now (and I will tell you why in a bit) but all I can say is that the training is now packed with hands-on exercises that use a virtual machine as a portable forensics lab and the image of a compromised Windows 2003 Server as the target of the analysis. It’s based on a real-case scenario and illustrates the methods and the tools that are typically used throughout the course of a real computer forensic investigation. Really useful and fun stuff!

The reason why I can’t give much detail now is that earlier this year, Ewa Dudzic, Editor in Chief of Hakin9 magazine, invited me to write an introductory article on Computer Forensics for their well-known and prestigious magazine, and that article is actually based on the content of the training described above. Now I’m glad to see that the current issue of the magazine announces that the first part of my two-part article will be published in the next issue of Hakin9, that is 4/2009. The article will not just include a step-by-step guide to forensic response and investigation but also references to all the tools and images you can use to set up your own forensic lab and do the exercises at home. Stay tuned, as I will post more details on that as soon as the article is released.

In the meantime I will carry on with my ‘European tour’ that I expect to finish at my home office later in May. Remote locations like India and Sydney might come next, possibly during the second half of 2010.

No doubt, one of the best things about delivering this training is that it’s given me the opportunity to spend more time with colleagues from different geographies and, why not, to have some fun after work. As you can see in the pictures below, I even had the opportunity to watch a live game at Old Trafford!

Watching Manchester Utd vs Porto live at Old Trafford, the Theatre of Dreams! (UEFA Champions League 2009)

Great time riding through the streets of Leiden, in the Netherlands

Thanks Andy and Paul for such a great time 😉

One thought on “Delivering training on Incident Response and Computer Forensics”

  1. Humm… interesting,

    it’s great to see you getting out there, thanks for sharing this article… and you got some good seats for the Man Utd game. I last went to see Man Utd v Portsmouth at Wembley and was so high up we could barely make out the players.

    Keep up the good work
