Creating Plaso Parsers Like There is No Tomorrow
Instructor: Kristinn Gudjonsson
Date/Time: Nov. 4, 2014 (1:00 p.m. – 4:00 p.m.)
During this workshop, students will go through a code lab on how to write a simple Windows registry plugin, a SQLite database plugin, and a text parser. The code lab includes step-by-step instructions on an example parser that is already checked into the project, explaining how it works, and then ends with an exercise in which students create their own parser to parse example data.
These code labs should be enough to familiarize students with the code base so that they can then write parsers for plaso like there is no tomorrow.
What to Bring:
A laptop computer
Plaso development version alongside all dependencies installed, see http://plaso.kiddaland.net/developer/building-the-tool for instructions
Your “can-do” spirit and python joy
It would be great if you’ve got an idea for a simple parser/plugin to contribute to the project. We are going to run through some standard exercises for creating parsers and plugins, but if you complete those quickly, the idea is to go and create a new plugin/parser for the tool. The first person to submit one (as in, submit code for review) will earn a glorified Plaso T-shirt that can be worn when going to that formal ball with the queen.
About the Instructor
Kristinn Gudjonsson is a senior security engineer at Google, focused on forensics, incident response, tool development, and whatever gets thrown his way. Kristinn is the creator of the tool log2timeline, and he is now one of the core developers of the new backend engine of log2timeline, called plaso.
Using Autopsy 3
Instructor: Basis Technology
Date/Time: Nov. 4, 2014 (1:00 p.m. – 4:00 p.m.)
Autopsy 3 is a Windows-based desktop digital forensics tool suite. This hands-on workshop will cover the basic features of Autopsy and the configuration of its modules. We’ll install Autopsy, configure hash sets and keyword lists, and run some media through it to highlight the interface and features. This workshop will be taught by the same instructors who teach the 2-day Autopsy course.
What to Bring:
A laptop with Windows 7
Download Autopsy in advance from: http://sleuthkit.org/autopsy/
A 64-bit platform is preferred
3 GHz processor
We will have two images, some hash sets, etc., so you will need to have 20 GB of free disk space
More memory is always better. We recommend 8 GB RAM or more