• Home
• Bio (official)
• Historical
  • hotseat
• Notepaper
• Forensics
• photos
  • Simson
• notes
  • smartrights
  • talking to reporters
• Contact

We will be using software that runs under Linux, MacOS and Windows.

Windows users may wish to install:

• VMWare Player for Windows.

• • I will bring to class a VMWare Appliance with Ubuntu 8.08 and the forensic tools pre-installed.

• FTK1.80 from Access Data.

You may also find that some of the tools mentioned below are available for Windows.


Mac users may wish to install:

• VMWare Fusion 2.0 for MacOS.

• • I will bring to class a VMWare Appliance with Windows XP and the forensic tools pre-installed.

• libewf
• afflib
• SleuthKit 3.0
• Scalpel 1.60 or PhotoRec

Linux users may wish to install:

• VMWare Player for Linux

• • I will bring to class a VMWare Appliance with Windows XP and the forensic tools pre-installed.

• libewf
• afflib
• SleuthKit 3.0
• Scalpel 1.60 or PhotoRec

Watch this space! I will be updating it as time permits. I will also make the Linux virtual machine available for download later this week.


  Sunday, November 9, 200  Sunday, November 9, 2008

Sunday, November 9, 2008

Sunday Full-Day Tutorials

S4 Computer Forensics (Hands-on)

Simson L. Garfinkel, Naval Postgraduate School

Who should attend: Anyone interested in recovering lost or deleted data, hunting for clues, and tracking information.

Computer forensics is the study of information stored in computer systems for the purpose of learning what happened to that computer at some point in the past—and for making a convincing argument about what was learned in a court of law. This day-long course includes morning tutorials on forensics policy and law, network protocols and network forensics, Web forensics, and document forensics, in which specific files are analyzed for subtle and possibly hidden information. The afternoon session will involve hands-on experiments using a variety of network and document forensic tools, working with a data set of real captured packets.

Monday, November 10, 2008

Monday Full-Day Tutorials
M3 Computer Forensics: Disk Forensics and Lab (Hands-on) NEW!

Simson L. Garfinkel, Naval Postgraduate School

Who should attend: Anyone interested in forensics or data recovery. Note: S3 is not a prerequisite to this class. Please see the Web site for what hardware and software are required.

Computer forensics is the study of information stored in computer systems for the purpose of learning what happened to that computer at some point in the past—and for making a convincing argument about what was learned in a court of law. This day-long course includes a morning tutorial and afternoon lab during which you will work several disk forensics cases with real data using commercial and open source tools.