IMF'08: "Reconstructing People's Lives: A Case Study in Teaching Forensic Computing"
Thursday, October 2. 2008
Last week I attended the 4th International Conference on IT Incident Management & IT Forensics (IMF'08) which took place in Mannheim, Germany. IMF's focus is on different aspects of forensic and the program was a mix of academic and industry talks. Especially the invited talks were interesting, my personal highlight was FX's talk on router forensics (the slides from a similar talk at BlackHat DC are available at Recurity Labs).
Together with Felix Freiling and Martin Mink, I had a paper at IMF about the lessons we learned when teaching IT forensics at our university. The paper is now available and present some of the high-level findings.
At our lab, we regularly offer a lecture on IT forensics that deals with the principles of forensics, file system analysis, live analysis, and similar topics. Last time we had two main exercises: filesystem forensic on a prepared floppy disk and some hard disks we bought at eBay and a live analysis of a compromised honeypot. All slides used during the lecture on IT forensics are available at the website of our lab. Perhaps we can also publish more material (e.g., the exercises we used during the ecture), I need to check this...
We also regularly offer a lab on practical aspects of IT security and last time we also included a part on forensics. In theses exercises the students had to analyze used hard disks, flash drives, and mobile phones.
More information about these lectures and labs is available in the IMF'08 paper.
Together with Felix Freiling and Martin Mink, I had a paper at IMF about the lessons we learned when teaching IT forensics at our university. The paper is now available and present some of the high-level findings.
At our lab, we regularly offer a lecture on IT forensics that deals with the principles of forensics, file system analysis, live analysis, and similar topics. Last time we had two main exercises: filesystem forensic on a prepared floppy disk and some hard disks we bought at eBay and a live analysis of a compromised honeypot. All slides used during the lecture on IT forensics are available at the website of our lab. Perhaps we can also publish more material (e.g., the exercises we used during the ecture), I need to check this...
We also regularly offer a lab on practical aspects of IT security and last time we also included a part on forensics. In theses exercises the students had to analyze used hard disks, flash drives, and mobile phones.
More information about these lectures and labs is available in the IMF'08 paper.
".
