Unfolding an Investigation Using Forensic Tools and Techniques

Leena Arora
Carnegie Mellon University


This is a 3 hour long, fast-paced forensics challenge where participants will work in teams and perform memory and hard drive analysis to solve an investigation. Students will be provided with forensic workstations loaded with free, open source tools like autopsy and volatility, and the evidence for the case in hand. This challenge will touch upon core forensics topics such as memory analysis, timeline analysis, browser analysis, prefetch analysis, registry analysis to name a few. This hands-on scored event will be accomplished using STEPfwd training platform (https://stepfwd.cert.org/lms/), developed by Software Engineering Institute’s CERT Division at Carnegie Mellon University and can be accessed anywhere, anytime.


  • Wi-fi enabled laptop
  • A modern HTML5 compatible browser such as Internet Explorer 9+, Chrome 4+ and Firefox 35+.
  • A minimum resolution of 1280×1024 is recommended, with 1024×768 required.

Leena Arora

For eight years, Leena Arora has been working as a Cyber Security Exercise Developer and Trainer with the Software Engineering Institute’s CERT Division at Carnegie Mellon University. She has created numerous advanced cyber training exercises and delivered those to a wide variety of government and industry audiences. She has also been responsible for designing, developing and delivering many large scale, complex, virtualized training environments to various high visibility customer engagements. For four years of her tenure at CERT, she provided top-notch cyber security training to US Army NETCOM’s five Regional Cyber Centers spread across the globe. One of her primary interests is in the computer forensics field and she holds active GCFE (GIAC Certified Forensic Examiner), GCFA (GIAC Certified Forensic Analyst), and GASF (GIAC Advanced Smartphone Forensics) certifications. She earned her Master’s degree in Information Security Policy and Management from Carnegie Mellon University in 2010.