SANS Secure Singapore 2012 - Digital Forensic Challenge and Mock Trial

Forensics 408

6 Day Course

For GIAC Certification

If you register for the full course, you may register to seek your GCFE Certification.

Students who attend a live SANS Training Event will receive access to the GIAC certification attempt approximately 7-10 business days after the last day of the event.

Additional information:
GCFE Information
GIAC FAQ
Fee Information

COSEINC, our Singapore Course Provider will be marketing this program locally. Note that Singapore Citizens and PRs must register via COSEINC for CITREP eligibility

FORENSICS 408 - Day 6

Digital Forensic Challenge and Mock Trial

Saturday, March 17, 2012 : 9am - 5pm
Chad Tilbury, SANS Certified Instructor
6 CPE/CMU Credits

Laptop RequiredFree

Focus: Windows Vista/7 Based Digital Forensic Challenge. There has been a murder-suicide and you are the investigator assigned to process the hard drive. This day is a capstone for every artifact discussed in the class. You will use this day to solidify your skills that you have learned over the past week.

Nothing will prepare you more than a full hands-on challenge utilizing the skills and knowledge presented throughout the week. In the morning, you will have the option of working in teams on a real forensic case in which evidence will be provided to you to analyze. The case will step you through proper acquisition, analysis, and reporting in preparation for a possible trial. Every team will work on the case for the majority of the day with the objective of discovering critical pieces of evidence to present during the trial.

The case presented is a complex murder case based that will engage the individual to examine one of the most recent versions of the Windows Operating System released. The case took 3 weeks to create following a script that lays out the key parts of the case in correct time sequence to make for the most realistic training opportunity available. The case will utilize skills from each of the previous days in order to solve the case.

The day will conclude with a mock trial in which presentations of the collected evidence will occur. The team with the best in-class presentation and short write-up will win the challenge and the case.

Day 6 topics include:

Digital Forensic Case
- Analysis
Following evidence analysis methods discussed throughout the week, find critical evidence.
Teams will examine registry, e-mail, recovered files and more for use in the case.
- Reporting
Focus and submit the top three pieces of evidence discovered, and discuss what they prove factually.
One of the submitted pieces of evidence will be documented for potential examination during the mock trial.
Mock Trial
- Each team would be asked to prepare an
  - Executive Summary
  - Short Presentation
  - Conclusion
The team voted with the best argument and presentation to prove their case will win the challenge.

Day 6 exercises

Windows 7/Vista Based Forensic Challenge
Mock Trial

Very intense. I have never been to a conference where we received so much information and so much more to learn post-conference.
-Paul Abels, UPS