I'm excited. For 10 weeks this summer I was privileged to teach SANS Security 508: Computer Forensics, Investigation and Response via the Mentor program. It is one of my favorite SANS courses for its depth and the extensive hands-on exercises. Unlike other forensics courses that teach specific tools without getting into what's going on behind the scenes, this course pulls back the curtain with an in depth look at different file systems and how they store and organize data on disk.
Once we've covered the foundational materials we introduce a comprehensive methodology that covers all the important aspects of conducting a successful investigation. There's even a day focused on legal issues.
If there's one problem with the course, it's the sheer volume of information to be digested. One nice thing about covering it over 10 weeks, as opposed to in six days, is that you get more time to take it all in, try things out, absorb the content and experiment with the tools and concepts.
I'm excited because I get to do it again starting in January. Full details are available at http://www.sans.org/mentor/details.php?nid=14464. If you live in the Kansas City area and are interested, please check it out. If you know someone else who may benefit from this, please spread the word.
No comments:
Post a Comment