Workshop #3: Status - Confirmed Attendees and Accepting Waitlist

​Unveiling Cyber-Criminal Actions:
The Art of Battlefield Forensics and Incident Response with Anna and Neumann

​The course "Unveiling cyber-criminal actions: The Art of Battlefield Forensics and Incident Response" covers essential topics in digital forensics, emphasizing the importance of understanding intake/collection processes and their impact on case outcomes. It highlights the significance of acquiring memory and detecting encryption. Specialization options and methods for diving deeper into the field are discussed.

​Students learn about file systems, metadata, evidence formats, and scene management for effective evidence acquisition. Acquisition hardware and software, including live response and dead box methods, are explored. Various acquisition methodologies, such as accessing devices and interacting with data, are covered. Hands-on labs demonstrate live response, dead box acquisition, and triage collection.

​Further topics include memory acquisition, encryption checking, host-based live acquisition, dead box acquisition, rapid triage with tools like KAPE, file and stream recovery, advanced data carving, and OSINT for threat intelligence gathering. Throughout the course, students gain practical skills in evidence acquisition and analysis critical for digital forensic investigations.