Michael Hamm
[CIRCL.LU]
Michael Hamm has worked for more than 10 years as Ingenieur-Security in the field of classical Computer and Network Security (Firewall, VPN, AntiVirus) at the research center “Henry Tudor” in Luxembourg.

Since 2010, Michael has worked as an operator and analyst at CIRCL (Computer Incident Response Center Luxembourg), where he works on forensic examinations and incident response.

Tutorial: PART 1: FORENSICS I 'BASICS' and PART 2: FORENSICS II 'MS WINDOWS ANALYSIS'

Technical Level (3 being the highest score): 2

"Every contact leaves a trace" is known as Locard's exchange principle. This statement by Dr. Edmond Locard, a pioneer in forensic science, still holds today, including for computer forensics. The aim of this course is to give a broad introduction to the topic, with a focus on post-mortem digital forensics.

The participants will learn the basics of reading and modifying binary data, with the goal of losing the fear of working with hex editors. With this knowledge it is possible to read and understand the geometry of a disk and its partitions. Partitions are the home of the file systems, which are of great importance in forensics. The participants will understand the concept of file systems, how to create a timeline and how to recover deleted data. Finally, Windows-related topics such as the Registry, Event Logs, Prefetch Files and more are covered.

This is an introduction with two main goals. First, the participants should learn the basic concepts and lose the fear of investigating, even at the binary level. Second, they should learn to understand the reports and the limits of the automated tools in common use.
