Re: [sleuthkit-users] Recommended sample images or materials for training users on Autopsy 3
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Recommended sample images or materials for training users on Autopsy 3
|
From: Simson G. <si...@ac...> - 2013-09-15 13:05:36
|
Mitch, Have you used the National Gallery DC attack scenario that we put together in 2012? Currently we don't have any teaching materials for those images. If you have used them, we would very much appreciate your materials. If you have not used them, drop me an email and we can work on turing the raw data into something usable for your application. To summarize what we have: * Iphone images * Android phone images * android tablet images * network captures (one broken—they captured tcpdump's standard out rather than the packets — this is interesting because such accidents actually happen in the real world from time to time) * memory dumps * keyboard logging from a keystroke logger that was planted on the laptop * Apple Macbook Air laptop There are two intertwined attacks, one involving a terrorist organization's attempted attack on the National Gallery DC ( a fictional art museum in Washington DC), the second involving the intended theft of some art by an insider. On Sep 15, 2013, at 8:56 AM, Mitch Wander <mw...@gm...> wrote: > Appreciate that suggestion, Joel. We have used the NPS Corpus disk images extensively for other training (and I should have noted that). > > We could re-do the same images. However, I know the training audience would already have a leg up because of their familiarity with the images. > > Definitely a fallback option... > > Thanks. > > Mitch > > > > > On Sun, Sep 15, 2013 at 8:51 AM, Joel Fernandez <Joe...@is...> wrote: > did you check out the NPS Corpus? http://digitalcorpora.org/corpora/disk-images > > > > On Sun, Sep 15, 2013 at 8:36 AM, Mitch Wander <mw...@gm...> wrote: > I'm conducting an internal training session (4-8 hours) on Autopsy 3 for users who are familiar with Autopsy 2. All attendees are experienced forensics analysts. > > Does anyone have suggestions on a good publicly available disk image to highlight some of Autopsy 3's functionality (emails, extracted content, hash sets, registry)? > > Also, does anyone have suggestions on training material or overall training flow? For now, I was planning to develop my training by reviewing the "help" pages for Autopsy 3 (in order to make sure I hit all the high points). > > Thanks. > > Mitch > > ------------------------------------------------------------------------------ > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13. > http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > > > > ------------------------------------------------------------------------------ > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13. > http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk_______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
