The host forensics track is part of a multi-track training program created by CyberFIRE staff to give students a hands-on introduction to concepts and process involved with forensics analysis for incident response by industry professionals with a proven track record. The mission for someone skilled in Host Forensics is to find the trail of breadcrumbs that might have thought to be lost in noise or history. This is a complex and demanding job requiring in depth knowledge of many technical and analysis topics.
In this track, attendees will go over the technical topics and processes involving Host Forensics. This will include expectations for their role within a CSIRT (Computer Security Incident Response Team) rapidly responding to potential incidents. Throughout the course, there will be plenty of hands-on activities to acquire and analyze data to extract artifacts and tell a story of what happened on the host during an incident.
Topics will include: