What do Desjardins, Apple, Yahoo!, and the NSA have in common? They’ve all been in the public eye for incidents spawned by insiders. Insiders' everyday activity requires legitimate use of their knowledge of, and access to, their employer's systems and data. So how can we distinguish between legitimate use of an employer's resources, and use that poses a threat to the organization or those it serves? This workshop introduces attendees to the methodology behind effective digital forensics investigations. Attendees will learn how to apply the best forensics tool (spoiler: it's your brain!) to solve a mock insider threat investigation. The workshop will introduce investigative methodology, core forensics topics, and key free and open source tools to leverage in their investigation.
Participants should bring:
Attendees will be provided with the evidence for the investigation and links to a variety of free and open source tools, ahead of time. A Windows machine or virtual machine is required for many of the tools. Please come prepared with the evidence downloaded and tools installed. Please feel free to reach out ahead of time with any questions and we'll do our best to assist.
Participants must know or have:
Beginner-Intermediate. Attendees should have a fairly solid understanding of security and computers. Experience in digital forensics is not required, but welcome.