GRR Tutorial

GRR Rapid Response is an incident response framework focused on remote live forensics. GRR workshop is going to start with a short introduction to the GRR system for people who have not used it before and afterwards will be pure hands-on work.

Participants will get access to a fully set up GRR environment including machines to investigate running Windows and Linux and will learn how to use the investigation techniques GRR provides to solve various forensics tasks. Those tasks range from pretty easy ones like reading files or registry keys to advanced forensics techniques like grabbing artifacts directly from live memory across the whole testbed at the same time. GRR automation and scripting will also be discussed.

Knowledge of GRR is no prerequisite for this workshop but if you’d like to attend, we’d kindly ask you to bring a laptop capable of web browsing. If this is not feasible for some reason, there is of course also the option to collaborate with other participants.

Bitcoin Interception Experience

This workshop gives an overview of Bitcoin system and the information retrievable from clients, miners and services. Two real-life cases will be used to demonstrate the methodology.

Network forensics using flow data and on-demand packet capture

Flow data in various industrials standards (NetFlow, IPFIX, jFlow, etc.) present an alternative approach to full packet capture when dealing with network forensics. Flows enriched with L7 information go even further and enable to replace cost efficient packet capture technology with lightweight and modern technology for high speed networks. Combined with on-demand or event triggered packet capture can significantly improve detection and forensics capabilities as well as reduce skill set and time effort needed to investigate large amount of full packet data. In featured workshop we will present technical background needed and go through selected scenarios concluded by Q&A session.