Black Hat Digital Self Defense Europe 2007


Black Hat Europe Training 2007
Moevenpick Hotel Amsterdam City Centre, the Netherlands • 27-28 March 2007

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Black Hat Certificate of Completion will be offered along with a ‘Certified LiveWire Examiner’ certificate (for those who qualify)

Black Hat Registration

Live Digital Investigation – Investigating the Enterprise

WetStone Technologies

What to bring:
Just Yourself.

Each student will be provided a pre-configured laptop with all software, lecture materials and lab exercises.

What you will learn
Upon completion of this intense two-day course, forensic examiners, private investigators, digital auditors, corporate security personnel, federal, state and local Law enforcement investigators, prosecutors and corporate IT personnel will have a complete understanding of the latest methods and techniques for acquiring, analyzing and investigating “Live” running enterprise computers.

As enterprise networking environments continue to expand in diversity, scope and geography, as the size of digital information progresses from a few hundred megabytes per workstation to terabytes of local storage, and as we are on the verge of fully encrypted file systems, our ability to perform traditional post-mortem investigations is coming to a close. In addition, the importance of “state” information that is typically lost during the “pull the plug” post-mortem investigations is ever increasing. Our ability to capture system state (running processes, physical memory, port/process association, alternate data streams, running services) must be preserved in order to rapidly triage incidents, prosecute those involved, identify accomplices and make critical enterprise-level decisions. As network intrusions, malicious insiders and criminal/terrorist organizations take aim at corporate networks, our ability to investigate these incidents is becoming imperative. 

Students will learn how to conduct a complete “Live” enterprise investigation including acquisition, examination, analysis, and evidence preservation. The tools currently used for “Live” enterprise investigation will be explained, demonstrated and utilized by the students as part of the laboratory sessions. Students will use these tools and learn how to carry out complete enterprise-level investigations.

The course includes 5 hours of lecture, 7 hours of practical lab exercises and investigation, culminating with a 2 hour written and practical exam. Each student is provided their own laptop with all tools and laboratory exercises installed for the lecture and hands-on portions of the labs.

Those sitting for, and passing WetStone’s written and practical exam, receive a ‘Certified LiveWire Examiner’ certificate.

WetStone Technologies, Inc. has executed multiple government-funded research and development projects in the area of Digital Forensics and Investigation over the last 5 years, giving them unique and first-hand insight into the latest methods, threats and techniques. WetSone has successfully trained over 1,500 students, representing digital investigators from commercial institutions, universities, the US government, and federal, state and local law enforcement agencies throughout the county. WetStone also conducts trainings at security conferences throughout the year.

What You Get
Each student will receive a copy of the lecture and lab materials, and extensive reference materials relating to Live Investigation Methods. Each Student will also receive a complimentary fully-licensed copy of WetStone’s Gargoyle Investigator™ Enterprise Edition software. This includes one year of free software maintenance.



Chet Hosmer is a co-founder, and the CEO and Chief Scientist of WetStone Technologies, Inc. He has over 25 years of experience in developing high technology software and hardware products, and during the last 15 years, has focused on research and development of information security technologies, with specialty areas including: cyber forensics, secure time, and intrusion detection and response.

Chet is a co-chair of the National Institute of Justice’s Electronic Crime and Terrorism Partnership Initiative’s Technology Working Group, and was one of five international steganography experts interviewed by ABC News after the 9/11 al-Qaeda attacks. Chet has been quoted in numerous cyber security articles, and has been invited to present as both a Keynote and Plenary speaker numerous times over the course of his career.

Chet is a member of the IEEE, ACM, and he is on the editorial board for the Journal of Digital Forensic Practice. Chet holds a B.S. Degree in Computer Science from Syracuse University where he is also an adjunct professor.

Black Hat Registration

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Black Hat Certificate of Completion will be offered along with a ‘Certified LiveWire Examiner’ certificate (for those who qualify)


Early Bird:
Ends January 12, 2007

Ends February 25, 2007

Ends March 18, 2007

Begins March 19, 2007

1600 EUR

1700 EUR

1850 EUR

1950 EUR

Black Hat Logo
(c) 1996-2007 Black Hat