Re: [sleuthkit-users] Recommended sample images or materials for training users on Autopsy 3
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Recommended sample images or materials for training users on Autopsy 3
|
From: Mitch W. <mw...@gm...> - 2013-09-15 13:13:28
|
Simson, Hmmm... we have not used that one yet (only Jean, Patents, Nitroba). Where is it hosted for download? I will work that into our training schedule for this coming year. And, yes, will try our best to provide feedback or training materials. For me personally, I'd like to do our initial training on a Windows image, if possible. It's just a personal preference so that I can develop the training in less time. I think we will use Jean if no other suggestions come to light. Thanks. Mitch On Sun, Sep 15, 2013 at 9:05 AM, Simson Garfinkel <si...@ac...> wrote: > Mitch, > > Have you used the National Gallery DC attack scenario that we put together > in 2012? Currently we don't have any teaching materials for those images. > If you have used them, we would very much appreciate your materials. If you > have not used them, drop me an email and we can work on turing the raw data > into something usable for your application. > > To summarize what we have: > > * Iphone images > * Android phone images > * android tablet images > * network captures (one broken—they captured tcpdump's standard out rather > than the packets — this is interesting because such accidents actually > happen in the real world from time to time) > * memory dumps > * keyboard logging from a keystroke logger that was planted on the laptop > * Apple Macbook Air laptop > > There are two intertwined attacks, one involving a terrorist > organization's attempted attack on the National Gallery DC ( a fictional > art museum in Washington DC), the second involving the intended theft of > some art by an insider. > > > On Sep 15, 2013, at 8:56 AM, Mitch Wander <mw...@gm...> wrote: > > Appreciate that suggestion, Joel. We have used the NPS Corpus disk images > extensively for other training (and I should have noted that). > > We could re-do the same images. However, I know the training audience > would already have a leg up because of their familiarity with the images. > > Definitely a fallback option... > > Thanks. > > Mitch > > > > > On Sun, Sep 15, 2013 at 8:51 AM, Joel Fernandez < > Joe...@is...> wrote: > >> did you check out the NPS Corpus? >> http://digitalcorpora.org/corpora/disk-images >> >> >> >> On Sun, Sep 15, 2013 at 8:36 AM, Mitch Wander <mw...@gm...> wrote: >> >>> I'm conducting an internal training session (4-8 hours) on Autopsy 3 >>> for users who are familiar with Autopsy 2. All attendees are experienced >>> forensics analysts. >>> >>> Does anyone have suggestions on a good publicly available disk image to >>> highlight some of Autopsy 3's functionality (emails, extracted content, >>> hash sets, registry)? >>> >>> Also, does anyone have suggestions on training material or overall >>> training flow? For now, I was planning to develop my training by reviewing >>> the "help" pages for Autopsy 3 (in order to make sure I hit all the high >>> points). >>> >>> Thanks. >>> >>> Mitch >>> >>> >>> ------------------------------------------------------------------------------ >>> LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! >>> 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, >>> SharePoint >>> 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack >>> includes >>> Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13. >>> >>> http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> sleuthkit-users mailing list >>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>> http://www.sleuthkit.org >>> >>> >> > > ------------------------------------------------------------------------------ > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, > SharePoint > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack > includes > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13. > > http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk_______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > > > |
