Black Hat USA 2007 Briefings and Training
Caesars Palace, Las Vegas • July 28-29 (Weekend) & July 30-31 (Weekday)

What you will learn
Learn to acquire, preserve and analyze on-demand ‘live’ evidence from an operational network and suspected targets. Connect the dots of suspicious network and user behavior to identify the source, methods and techniques employed by cyber criminals and rogue employees.

As traditional post-mortem investigations struggle with hard drives and operating systems that have welcomed encryption; it is important to take forensic investigations to the live arena. Rootkits, Keyloggers, and other malicious software have leveraged the complexity plaguing investigators when it comes to interrogating physical memory and other stateful information. Our ability to capture and interrogate system state (running processes, physical memory, port/process association, running services) must be preserved in order to rapidly triage incidents, prosecute those involved, identify accomplices and make critical enterprise-level decisions.

Students will learn how to conduct a complete “Live” enterprise investigation against volatile data including acquisition, examination, analysis, and evidence preservation. The tools currently used for “Live” enterprise investigation will be explained, demonstrated and utilized by the students as part of the laboratory sessions. Students will use these tools and learn how to carry out complete enterprise-level investigations.

The course includes 5 hours of lecture, 7 hours of practical lab exercises and investigation, culminating with a 2 hour written and practical exam. Each student is provided their own laptop with all tools and laboratory exercises installed for the lecture and hands-on portions of the labs. All students will receive an extensive reference CD with the tools used throughout the class.

Those sitting for, and passing WetStone’s written and practical exam, receive a ‘Certified Live Investigator’ certificate.

WetStone Technologies, Inc. has executed multiple government-funded research and development projects in the area of Digital Forensics and Investigation over the last 5 years, giving them unique and first-hand insight into the latest methods, threats and techniques. WetStone has successfully trained over 1,500 students, representing digital investigators from commercial institutions, universities, the US government, and federal, state and local law enforcement agencies throughout the county. WetStone also conducts trainings at security conferences throughout the year.

What You Get
Each student will receive a copy of the lecture and lab materials and extensive reference materials containing all tools used during the class relating to Live Investigation methods.

Chet Hosmer is the Chief Scientist of WetStone Technologies, Inc. a subsidiary of Allen Corporation of America. He has over 25 years of experience in developing high technology software and hardware products, and during the last 15 years, has focused on research and development of information security technologies, with specialty areas including: cyber forensics, secure time, and intrusion detection and response.

Chet is a co-chair of the National Institute of Justice’s Electronic Crime and Terrorism Partnership Initiative’s Technology Working Group, and was one of five international steganography experts interviewed by ABC News after the 9/11 al-Qaeda attacks. Chet has been quoted in numerous cyber security articles, and has been invited to present as both a Keynote and Plenary speaker numerous times over the course of his career.

Chet is a member of the IEEE, ACM, and he is on the editorial board for the Journal of Digital Forensic Practice. Chet holds a B.S. Degree in Computer Science from Syracuse University where he is also an adjunct professor.