Community Learning Day at DFIRCON - Sun, Nov 17 @ 8:00 AM
Join us for an exclusive, in-person Community Learning Day just before DFIRCON begins, focused on enhancing your cybersecurity skills with open-source tools. This special day offers a unique opportunity to learn from industry-leading experts through interactive tutorials. These sessions will guide you through the practical applications and best practices of using these tools in cybersecurity. You'll gain actionable skills and insights directly from the authors and developers in this immersive experience.
Community Learning Day is exclusively for in-person attendees.
Community Learning Day Agenda - Sun, Nov 17 @ 8:00 AM
Room 1 | Room 2 |
---|---|
8:00 AM - 10:00 AM Session: Cloud incident response at zero cost, leveraging open-source tooling for acquisition and analysis. Presenter: Korstiaan Stam Description: Join this hands-on workshop where you'll learn how to leverage Invictus' open-source tooling to acquire data from major platforms like Microsoft, AWS, and Google Workspace, all without incurring any costs. Gain practical skills in zero-cost data acquisition and a deeper understanding of how to find indications of an attack using open-source solutions. | 8:00 AM - 10:00 AM Session: SOF-ELK Hands-on Workshop Presenter: Phil Hagen Description: Explore the SOF-ELK platform and its Elastic Stack components for digital forensic investigations. |
10:00 AM - 10:15 AM Morning Break | 10:00 AM - 10:15 AM Morning Break |
10:15 AM - 12:15 PM Session: Getting Started with EZ Tools Presenter: Eric Zimmerman Description: Learn the basics of EZ Tools to quickly process Windows artifacts. This session covers exporting data to CSV and analyzing output from various tools. | 10:15 AM - 12:15 PM Session: The Joy of ArtExperimentation! Presenter: Ian Whiffin Description: This session will examine the use of ArtEx in testing and researching forensic artifacts, digging into the features of the tool that are designed to make your job easier. |
12:15 PM - 1:15 PM Lunch Break | 12:15 PM - 1:15 PM Lunch Break |
1:15 PM - 3:15 PM Session: Mastering xLEAPP for Multi-Platform Artifact Parsing Presenter: Alexis Brignoni Description: Learn to use xLEAPP's framework to create plugins and parse artifacts from iOS, macOS, Android, Chromebooks, warranty returns, and Windows. | 1:15 PM - 3:15 PM Session: Mastering SIFT Workstation Presenters: Mike Pilkington and Erik Kristensen Description: A comprehensive guide to using the SANS Investigative Forensic Toolkit Workstation for digital forensics and incident response. |
3:15 PM - 3:30 PM Afternoon Break | 3:15 PM - 3:30 PM Afternoon Break |
3:30 PM - 5:30 PM Session: OneDrive Forensics Presenter: Brian Maloney Description: Learn the essential techniques for extracting, analyzing, and managing forensic data from the OneDrive client to enhance your digital investigation skills. | 3:30 PM - 5:30 PM Session: Tool Validation Presenter: Kat Hedley Description: Learn to validate your Digital Forensic tools through a hands-on tutorial, ensuring they deliver accurate results in real-world scenarios. |
5:30 PM - 6:00 PM Wrap-Up Session: Closing remarks and summary of key takeaways. | 5:30 PM - 6:00 PM Wrap-Up Session: Closing remarks and summary of key takeaways. |
6:30 PM - 7:30 PM Reception: An opportunity to network and reflect on the day's sessions and insights in a relaxed setting. |
To ensure a smooth and hands-on experience, please review the system requirements below and download the necessary tools ahead of time.
System Requirements - To fully engage in the tutorials, please make sure your laptop meets the following requirements:
- Operating System: Windows 10 or higher, or a virtual machine running Windows if using a Mac/Linux system.
- RAM: At least 8 GB (16 GB recommended for optimal performance).
- Storage: Minimum 20 GB of free hard drive space.
- Software: An updated web browser and PDF reader.
Downloading Tutorial Tools - Please download the following tools and datasets required for each session:
- Cloud incident response at zero cost, leveraging open-source tooling for acquisition and analysis, by Korstiaan Stam
- SOF-ELK Hands-on Workshop, by Phil Hagen
- Getting Started with EZ Tools, by Eric Zimmerman
- The Joy of ArtExperimentation!, by Ian Whiffin
- Mastering xLEAPP for Multi-Platform Artifact Parsing, by Alexis Brignoni
- Mastering SIFT Workstation, by Mike Pilkington & Erik Kristensen
- OneDrive Forensics, by Brian Maloney
Preparing your system in advance will help you get the most out of the hands-on labs and engage fully with the content.