Difference between pages "Helix3" and "Upcoming events"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Added local links)
 
(Scheduled Training Courses)
 
Line 1: Line 1:
{{Infobox_Software |
+
Here is a BY DATE listing of '''upcoming conferences and training events''' that pertain to [[digital forensics]]. Some of these duplicate the generic [[conferences]], but have specific dates/locations for the upcoming conference/training event.
  name = Helix |
+
  maintainer = [[e-fense]] |
+
  os = {{Linux}}, {{Windows}}, {{Solaris}} |
+
  genre = {{Live CD}} |
+
  license = {{GPL}}, others |
+
  website = [http://www.e-fense.com/helix/ e-fense.com/helix/] |
+
}}
+
  
'''Helix''' is a [[Live CD]] built on top of [[Knoppix]]. It focuses on [[Incident Response|incident response]] and [[computer forensics]].
+
<b> The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv</b>
 +
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
 +
<b> Any requests for additions, deletions or corrections to this list should be sent by email to David Baker <i>(bakerd AT mitre.org)</i>. </b>
  
== Tools included ==
+
== Calls For Papers ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! Title
 +
! Due Date
 +
! Website
 +
|-
 +
|Black and White Ball
 +
|Apr 30, 2007
 +
|http://www.theblackandwhiteball.co.uk/cfp.php
 +
|-
 +
|BlackHat USA 2007
 +
|May 01, 2007
 +
|http://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html
 +
|-
 +
|International Conference on Incident Management and IT-Forensics
 +
|May 14, 2007
 +
|http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2007/cfp_en.html
 +
|-
 +
|First Annual European DeepSec In-Depth Security Conference
 +
|Jun 10, 2007
 +
|http://deepsec.net/cfp/
 +
|-
 +
|DFRWS 2007 File Carving Challenge
 +
|Jul 09, 2007
 +
|http://www.dfrws.org/2007/challenge/submission.html
 +
|-
 +
|}
  
===Bootable Side:===
+
== Conferences ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! Title
 +
! Date/Location
 +
! Website
 +
|-
 +
|CanSecWest 2007
 +
|Apr 16-20, Vancouver, BC, Canada
 +
|http://cansecwest.com/
 +
|-
 +
|Conference on Digital Forensics, Security and Law
 +
|Apr 18-20, Washington, DC
 +
|http://www.digitalforensics-conference.org/
 +
|-
 +
|IACIS Computer Forensic Training Event 2007
 +
|Apr 23-May 04, Orlando, FL
 +
|http://www.iacis.com/iacisv2/pages/training.php
 +
|-
 +
|Computer and Enterprise Investigations Conference (CEIC)
 +
|May 06-09, Las Vegas, NV
 +
|http://www.ceic2007.com/
 +
|-
 +
|CONFidence 2007
 +
|May 13-14, Cracow, Poland
 +
|http://2007.confidence.org.pl/
 +
|-
 +
|22nd IFIP International Information Security Conference
 +
|May 14-16, Sandton, South Africa
 +
|http://www.sbs.co.za/ifipsec2007/
 +
|-
 +
|Texas Regional Infrastructure Security Conference (TRISC)
 +
|May 15-17, Austin, TX
 +
|http://www.trisc.org/
 +
|-
 +
|2007 Techno-Security Conference
 +
|Jun 03-06, Myrtle Beach, SC
 +
|http://www.techsec.com/html/Techno2007.html
 +
|-
 +
|Computer Security Institute NetSec '07
 +
|Jun 11-13, Scottsdale, AZ
 +
|http://www.gocsi.com/netsec/
 +
|-
 +
|2007 USENIX Annual Technical Conference
 +
|Jun 17-22, Santa Clara, CA
 +
|http://www.usenix.org/events/
 +
|-
 +
|Third Government Forum of Incident Response and Security Teams Conference
 +
|Jun 25-29, Orlando, FL
 +
|http://www.us-cert.gov/GFIRST/index.html
 +
|-
 +
|First International Workshop on Cyber-Fraud
 +
|Jul 01-06, San Jose, CA
 +
|http://www.iaria.org/conferences2007/CYBERFRAUD.html
 +
|-
 +
|Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2007
 +
|Jul 12-13, Lucerne, Switzerland
 +
|http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/dimva/
 +
|-
 +
|16th USENIX Security Symposium
 +
|Aug 06-10, Boston, MA
 +
|http://www.usenix.org/events/
 +
|-
 +
|GMU 2007 Symposium
 +
|Aug 06-10, George Mason University, Fairfax, VA
 +
|http://www.rcfg.org
 +
|-
 +
|Digital Forensic Research Workshop 2007
 +
|Aug 13-15, Pittsburgh, PA
 +
|http://www.dfrws.org/2007/index.html
 +
|-
 +
|HTCIA 2007 International Training Conference & Exposition
 +
|Aug 27-29, San Diego, CA
 +
|http://www.htcia-sd.org/htcia2007.html
 +
|-
 +
|Recent Advances in Intrusion Detection (RAID) 2007
 +
|Sep 05-07, Gold Coast, Queensland, Australia
 +
|http://www.isi.qut.edu.au/events/conferences/raid07
 +
|-
 +
|14th International Conference on Image Analysis and Processing (ICIAP 2007)
 +
|Sep 10-14, Modena, Italy
 +
|http://www.iciap2007.org
 +
|-
 +
|3rd International Conference on IT-Incident Management & IT-Forensics
 +
|Sep 11-12, Stuttgart, Germany
 +
|http://www.imf-conference.org/
 +
|-
 +
|Black and White Ball
 +
|Sep 25-28, London, UK
 +
|http://www.theblackandwhiteball.co.uk/
 +
|-
 +
|Techno-Forensics Conference
 +
|Oct 29 - 31, Rockville, MD
 +
|http://www.techsec.com/html/TechnoForensics2007.html
 +
|-
 +
|DeepSec IDSC
 +
|Nov 22-24, Vienna, Austria
 +
|http://deepsec.net/
 +
|-
 +
|}
  
'''2hash'''  (v. 0.2 )  [http://trog.qgl.org/show.html?id=2477783]
+
== On-going / Continuous Training ==
A simple GPL tool to calculate the md5 and sha1 hashes of a file in a single read. If you're regularly checking/calculating hashes of large files this'll save you a lot of disk IO.
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! Title
 +
! Date/Location or Venue
 +
! Website
 +
|-
 +
|Basic Computer Examiner Course
 +
|Computer Forensic Training Online
 +
|http://www.cftco.com
 +
|-
 +
|MaresWare Suite Training
 +
|First full week every month, Atlanta, GA
 +
|http://www.maresware.com/maresware/training/maresware.htm
 +
|-
 +
|Linux Data Forensics Training
 +
|Distance Learning Format
 +
|http://www.crazytrain.com/training.html
 +
|-
 +
|}
  
'''Adepto''' With AFF Support  (v. 2.0 ) [http://www.e-fense.com/helix/]
+
== Scheduled Training Courses ==
e-fense Imaging program utilizing dcfldd. 
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 
+
|- style="background:#bfbfbf; font-weight: bold"
'''[[AFF]]''' (aimage)  (v. 1.6.31 )  [http://www.afflib.org/]
+
! Title
The Advanced Forensic Format (AFF) is an extensible open format for the storage of disk images. It provide built in features such as compression, hash codes v erification, meta-data informations management.  The AFFLib provide special AFF assigned tools such : - aimage : creation of AFF images - afcat : generate a DD image from a AFF one - afcompare : verify a AFF his derivate DD image - afinfo : Validation of a AFF's image hash codes (md5, sha1) The AFFLib is developed by Mr. Simson L. Garfinkel.
+
! Date/Location
 
+
! Website
'''Air'''  (v. 1.2.8 )  [http://air-imager.sourceforge.net/]
+
! Limitation
AIR (Automated Image & Restore) is a GUI front-end to dd/dcfldd designed for easily creating forensic bit images.  Supports verification via MD5/SHA1, SCSI tape drives, imaging over a TCP/IP network, splitting images, and detailed session logging.
+
|-
 
+
|SMART for Linux
'''[[Autopsy]]'''  (v. 2.08 )  [http://www.sleuthkit.org/index.php]
+
|May 07-10, Austin, TX
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit.  Together, they allow you to investigate the file system and volumes of a computer. 
+
|http://asrdata.com/training/training2.html
 
+
|-
'''chkrootkit'''  (v. 0.46 )  [http://www.chkrootkit.org/
+
|AccessData Internet Forensics
Shell script that checks system binaries for rootkit modification.
+
|May 08-10, Albuquerque, NM
 
+
|http://www.accessdata.com/training
'''chntpw'''  (v. 0.99.2 040105 )  [http://home.eunet.no/pnordahl/ntpasswd/]
+
|-
chntpw is a Linux utility to (re)set the password of any user that has a valid (local) account on your WinNT or Win2000 system, by modifying the crypted password in the registry's SAM file.  You do not need to know the old password to set a new one.  It works offline (i.e., you have to shutdown your computer and boot off a linux floppy disk).  The bootdisk includes stuff to access NTFS partitions and scripts to glue the whole thing together.  This utility works with SYSKEY and includes the option to turn it off.  A bootdisk image is provided.
+
|EnCase v5 Advanced Computer Forensics
 
+
|May 08-11, Washington DC
'''Clamav''' (v. 0.88.4 )  [http://www.clamav.net/stable.php]
+
|http://www.guidancesoftware.com/training/schedule.asp
Anti-Virus program. 
+
|-
 
+
|SMART Windows Data Forensics
[[dcfldd]]  (v. 1.3.4 )  [http://dcfldd.sourceforge.net/]
+
|May 14-16, Austin, TX
dcfldd is an enhanced version of GNU dd with features useful for forensics and security.
+
|http://asrdata.com/training/training2.html
 
+
|-
'''endeavour2''' File Manager  (v. 2.7.1 )  [http://wolfpack.twu.net/Endeavour2/]
+
|EnCase v5 Intermediate Analysis and Reporting
Endeavour Mark II is a complete file management suite with file manager; image browser, archiver, recycled objects system, and a set of file and disk management utility programs. It supports disk drive mounting, a fully customizable window appearance, a MIME Types system, and interapplication drag & drop support for KDE and GNOME compatibility (although KDE and GNOME are not required).
+
|May 15-18, United Kingdom
 
+
|http://www.guidancesoftware.com/training/schedule.asp
'''Ethereal'''  (v. 0.10.13) [http://www.ethereal.com/]
+
|-
Ethereal is used by professionals around the world for troubleshooting, analysis, software and protocol development, and education.  It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. 
+
|Computer Network Investigations Training Program (CNITP)
 
+
|May 15-25, FLETC, Glynco, GA
'''e2recover'''  (v. 1.0 )  [http://www.tucows.com/preview/8192]
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
These are tools to assist in recovering deleted files from ext2 file systems.
+
|Limited to Law Enforcement
 
+
|-
'''[[e2undel]]'''  (v. 0.82 )  [http://e2undel.sourceforge.net/]
+
|AccessData Internet Forensics
This is an interactive console tool that recovers the data of deleted files on an ext2 file system under Linux. 
+
|May 22-24 , Solna, Sweden
 
+
|http://www.accessdata.com/training
'''[[fatback]]'''  (v. 1.3 )  [http://sourceforge.net/project/showfiles.php?group_id=46038]
+
|-
A program used to recover deleted files from a FAT file system. 
+
|EnCase v5 Advanced Computer Forensics
 
+
|May 22-25, United Kingdom
[[Mozilla Firefox|Firefox]]  (v. 1.5.0.1 )  [http://www.mozilla.com/en-US/firefox/all.html]
+
|http://www.guidancesoftware.com/training/schedule.asp
Graphical Internet browser. 
+
|-
 
+
|SARC Steganography Examiner Training
'''foomatic-gui'''  (v. 0.7.4.17 )  [http://freshmeat.net/projects/foomatic-gui/]
+
|May 23 - 24, Orlando, FL (National Center for Forensic Science)
Foomatic is a database-driven system for integrating free software printer drivers with common spoolers under Unix.  It supports CUPS, LPRng, LPD, GNUlpr, Solaris LP, PPR, PDQ, CPS, and direct printing with every free software printer driver known to us and every printer known to work with these drivers. 
+
|http://www.sarc-wv.com/training.aspx
 
+
|-
[[foremost]]  (v. 1.3 )  [http://foremost.sourceforge.net/]
+
|First Responder to Digital Evidence Program (FRDE)
Foremost is a console program to recover files based on their headers, footers, and internal data structures.  This process is commonly referred to as data carving.  Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive.  The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types.  These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery. 
+
|May 30-Jun 01, FLETC, Glynco, GA
 
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
'''ftimes'''  (v. 3.4.0 )  [http://ftimes.sourceforge.net/FTimes/]
+
|Limited to Law Enforcement
FTimes is a system baselining and evidence collection tool.  The primary purpose of FTimes is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis.
+
|-
 
+
|Computer Forensics First Responder
'''galleta'''  ( v. 1.0 ) [http://www.foundstone.com/resources/proddesc/galleta.htm]
+
|May 31, Indianapolis, IN
Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Galleta is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms. 
+
|http://www.ifi-indy.org/ifi%20training/train.html
 
+
|-
'''Gcombust''' - Graphical CD Burner (v. 0.1.55-2 ) [http://www.abo.fi/~jmunsin/gcombust/]
+
|AccessData BootCamp
gcombust is a GTK+ frontend for mkisofs, mkhybrid, cdrecord, and cdlabelgen.  It has primitive support for controlling the directory (root) structure and size of an image without copying files/symlinking or writing 10 lines of arguments.  It can also maximize disk usage by hinting at which directories/files to use. 
+
|May 31-Jun 02, Myrtle Beach, SC
 
+
|http://www.accessdata.com/training
'''GHex'''  (v. 2.8.1 )  [http://directory.fsf.org/ghex.html]
+
|-
GHex is a simple binary editor.  It lets users view and edit a binary file in both hex and ascii with a multiple level undo/redo mechanism.  Features include find and replace functions, conversion between binary, octal, decimal and hexadecimal values, and use of an alternative, user-configurable MDI concept that lets users edit multiple documents with multiple views of each. 
+
|AccessData Windows Forensics
 
+
|May 31-Jun 02, Myrtle Beach, SC
'''GQView'''  (v. 2.0.1 )  [http://gqview.sourceforge.net/]
+
|http://www.accessdata.com/training
An image browser that features single click access to view images and move around the directory tree. 
+
|-
 
+
|SMART for Linux
'''Graveman''' - Graphical CD Burner  (v. 0.3.12-4-2.1 ) [http://graveman.tuxfamily.org/]
+
|Jun 04-07, Austin, TX
GRAVEMAN is a GUI frontend for CD-R tools (cdrecord, readcd, and mkisofs), cdrdao, DVD+RW tools (growisofs and dvd+rw-format), and sox. It allows you to burn audio CDs (from WAV, Ogg, MP3, or FLAC files) and data CDs or DVDs, and allows you to duplicate CDs.
+
|http://asrdata.com/training/training2.html
 
+
|-
'''grepmail'''  (v. 5.3032 )  [http://grepmail.sourceforge.net/]
+
|AccessData BootCamp
grepmail searches a normal or compressed mailbox (gzip, bzip2, or tzip) for a given regular expression and returns those emails that match the query.  It also supports searches constrained by date and size.
+
|Jun 05-07, Albuquerque, NM
 
+
|http://www.accessdata.com/training
'''[[LinEn]]'''  (v. 5.05f )  [https://www.guidancesoftware.com/]
+
|-
EnCase also has developed a method of acquisition with Linux machines or "Linen" (EnCase for Linux), and the interface is similar to that of EnCase for DOS but of course the process is completely different from EnCase for DOS. 
+
|Advanced Data Forensics Topics
 
+
|Jun 11-13, Austin, TX
'''[[md5deep]]''' Suite  (v. 1.12)  [http://md5deep.sourceforge.net/]
+
|http://asrdata.com/training/training2.html
md5deep is a cross-platform set of programs to compute MD5, SHA-1, SHA-256, Tiger, or Whirlpool message digests on an arbitrary number of files.  The programs run on Windows, Linux, Cygwin, *BSD, OS X, Solaris, and should run on most other platforms.  md5deep is similar to the md5sum program found in the GNU Coreutils package. 
+
|-
 
+
|Digital Evidence Acquisition Specialist Training Program (DEASTP)
'''mac_grab'''  (v. 1.0 )  [http://www.e-fense.com/helix/]
+
|Jun 11-22, FLETC, Glynco, GA
e-fense created program to grab all of the MAC times from a system. 
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
 
+
|Limited to Law Enforcement
'''Magicrescue'''  (v. 1.1.4 )  [http://jbj.rapanden.dk/magicrescue/]
+
|-
Magic Rescue scans a block device for file types it knows how to recover and calls an external program to extract them.  It looks at "magic bytes" in file contents, so it can be used both as an undelete utility and for recovering a corrupted drive or partition.  As long as the file data is there, it will find it.  It works on any file system, but on very fragmented file systems it can only recover the first chunk of each file.  Practical experience (this program was not written for fun) shows, however, that chunks of 30-50MB are not uncommon. 
+
|Helix Live Forensics and Incident Response Course
 
+
|Jun 12-14, SEARCH - Sacramento, CA
'''NTFS-3G'''  (v. 2006-08-22-BETA ) [http://www.ntfs-3g.org/]
+
|https://www.e-fense.com/register.php
Finally Linux has got full read-write open source NTFS support!  Preliminary benchmarks show that the still unoptimized driver already sometimes twice as fast as ext3 and 20-50 faster than the commercial Paragon NTFS.  Interestingly Captive NTFS, which uses the native Windows NTFS driver, fails all benchmarks with file loss.
+
|-
 
+
|AccessData Internet Forensics
'''Outguess'''  (v. 0.2 )  [http://www.outguess.org/]
+
|Jun 12-14 , Boise, ID
Improved version of stegdetect released.  Stegdetect now supports linear discriminant analysis to detect any JPEG based stego system.  It also features improved detection of F5. 
+
|http://www.accessdata.com/training
 
+
|-
'''pasco'''  (v. 1.0 )  [http://www.foundstone.com/resources/proddesc/pasco.htm]
+
|AccessData Windows Forensics
Pasco will parse the information in an index.dat file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program.  Pasco is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms. 
+
|Jun 19-21, Dallas, TX
'''
+
|http://www.accessdata.com/training
PyFlag'''  (v. 0.80.1 )  [http://pyflag.sourceforge.net/] 
+
|-
FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations.  Often, when investigating a large case, a great deal of data needs to be analyzed and correlated.  PyFlag uses a database as a backend to assist in managing the large volumes of data.  This allows PyFlag to remain responsive and expedite data manipulation operations. 
+
|SMART for Linux
 
+
|Jul 09-12, Austin, TX
'''qtparted'''  (v. 0.4.5-cvs )  [http://qtparted.sourceforge.net/]
+
|http://asrdata.com/training/training2.html
QTParted is a Partition Magic clone written in C++ using the Qt toolkit. 
+
|-
 
+
|Cyber Counterterrorism Investigations Training Program (CCITP)
'''Retriever'''  (v. 2.0 )  [http://www.e-fense.com/helix/]
+
|Jul 09-13, FLETC, Glynco, GA
e-fense created program to give a quick look at a “live” system and identify graphic images, word documents and other file types. 
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
 
+
|Limited to Law Enforcement
'''rkhunter'''  (v. 1.2.7 )  [http://rkhunter.sourceforge.net/
+
|-
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers.  The package contains one shell script, a few text-based databases, and optional Perl modules.  It should run on almost every Unix clone. 
+
|SMART Windows Data Forensics
 
+
|Jul 16-18, Austin, TX
'''regviewer'''  (v. 0.1 )  [http://sourceforge.net/projects/regviewer/] 
+
|http://asrdata.com/training/training2.html
RegViewer is GTK 2.2 based GUI Windows’s registry file navigator.  It is platform independent allowing for examination of Windows registry files from any platform.  Particularly useful when conducting forensics of Windows files from *nix systems.
+
|-
 
+
|Seized Computer Evidence Recovery Specialist (SCERS)
'''rifiuti'''  (v. 1.0 )  [http://www.foundstone.com/resources/proddesc/rifiuti.htm]
+
|Jul 16-27, FLETC, Glynco, GA
Rifiuti will parse the information in an INFO2 file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program.  Rifiuti is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms. 
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
 
+
|Limited to Law Enforcement
'''Scalpel'''  (v. 1.54 )  [http://www.digitalforensicssolutions.com/Scalpel/]
+
|-
A digital forensics tool used for carving data from image files based upon the configuration file requirements. This program replaces foremost. 
+
|AccessData BootCamp
 
+
|Jul 17-19, Boise, ID
'''Sleuthkit'''  (v. 2.06 ) [http://www.sleuthkit.org/index.php]
+
|http://www.accessdata.com/training
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer.  The current focus of the tools is the file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS, and ISO 9660 file systems. 
+
|-
 
+
|AccessData Windows Forensics
'''ssdeep'''  (v. 1.1 )  [http://ssdeep.sourceforge.net/]
+
|Jul 24-26, Albuquerque, NM
Computes a checksum based on context triggered piecewise hashes for each input file.  If requested, the program matches those checksums against a file of known checksums and reports any possible matches.  Output is written to standard out and errors to standard error.  Input from standard input is not supported. 
+
|http://www.accessdata.com/training
 
+
|-
'''stegdetect'''  (v. 0.6 )  [http://www.outguess.org/detection.php]
+
|First Responder to Digital Evidence Program (FRDE)
An automated tool for detecting steganographic content in images.  It is capable of detecting several different steganographic methods to embed hidden information in JPEG images.  Currently, the detectable schemes are: jsteg, jphide (unix and windows), invisible secrets, outguess 01.3b, F5 (header analysis), appendX and camouflage.  Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide and OutGuess 0.13b.
+
|Jul 31-Aug 02, FLETC, Glynco, GA
 
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
'''Totem'''  (v. 1.2.1-3 )  [http://www.gnome.org/projects/totem/] 
+
|Limited to Law Enforcement
A simple video media player for the Gnome desktop.  
+
|-
 
+
|SMART for Linux
'''Xfprot'''  (v. 1.13 ) [http://web.tiscali.it/sharp/xfprot/] 
+
|Aug 06-09, Austin, TX
XFPROT is a graphical front end to the F-Prot Antivirus(TM) for Linux Small Business Edition from version 3.12b up to version 4.6.x. F-Prot Antivirus(TM) for Linux is Copyrighted by Frisk Software International and is free of charge for personal use and downloadable at www.f-prot.com. 
+
|http://asrdata.com/training/training2.html
 
+
|-
'''xhfs'''  (v. 3.2.6 )  [http://www.mars.org/home/rob/proj/hfs/] 
+
|Computer Network Investigations Training Program (CNITP)
xhfs presents a graphical front-end for browsing and copying files on HFS-formatted volumes.  This is a Macintosh HFS File Browser. 
+
|Aug 14-24, FLETC, Glynco, GA
 
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
'''Xine-ui'''  (v. 0.99.3 )  [http://xinehq.de/
+
|Limited to Law Enforcement
xine is a free multimedia player.  It plays back CDs, DVDs, and VCDs.  It also decodes multimedia files like AVI, MOV, WMV, and MP3 from local disk drives, and displays multimedia streamed over the Internet.  It interprets many of the most common multimedia formats available - and some of the most uncommon formats, too. 
+
|-
 
+
|SMART Linux Data Forensics
'''Xmms'''  (v. 1.2.10 )  [http://freshmeat.net/projects/xmms/] 
+
|Aug 13-15, Austin, TX
XMMS is a multimedia player based on the look of WinAmp. XMMS plays MPEG layer 1/2/3, Ogg Vorbis, WAV, all formats supported by libmikmod, and CD audio. XMMS has a plugin system for Input / Output / Effects / Visualization, and through plugins it can play a lot more sound and video formats. 
+
|http://asrdata.com/training/training2.html
'''
+
|-
xpdf'''  (v. 3.01 )  [http://www.foolabs.com/xpdf/]
+
|Macintosh Forensic Survival Course
Xpdf is a viewer for Portable Document Format (PDF) files. (These are also sometimes also called 'Acrobat' files, from the name of Adobe's PDF software.) The Xpdf project also includes a PDF text extractor, PDF-to-PostScript converter, and various other utilities. It runs under the X Window System on UNIX, VMS, and OS/2.
+
|Aug 13-17, Fredricksburg, VA
 
+
|http://www.phoenixdatagroup.com/cart/index.php
+
|-
===Live Windows Side:===
+
|AccessData Internet Forensics
 
+
|Aug 14-16 , Austin, TX
'''Access PassView'''  (v. 1.12 )  [http://www.nirsoft.net/utils/accesspv.html]
+
|http://www.accessdata.com/training
This utility reveals the database password of every password-protected mdb file that created with Microsoft Access 95/97/2000/XP or with Jet Database Engine 3.0/4.0 . It can be very useful if you forgot your Access Database password and you want to recover it.
+
|-
'''
+
|Helix Live Forensics and Incident Response Course
Astrick Logger'''  (v. 1.02 ) [http://www.nirsoft.net/utils/astlog.html]
+
|Aug 28-30, Tennessee Bureau of Investigations - Nashville, TN
Many applications, like CuteFTP, CoffeeCup Free FTP, VNC, IncrediMail, Outlook Express, and others, allows you to type a password for using it in the application. The typed password is not displayed on the screen, and instead of the real password, you see a sequence of asterisk ('****') characters. This utility can reveal the passwords stored behind the asterisks in standard password text-boxes.
+
|https://www.e-fense.com/register.php
'''
+
|-
Drive Manager'''  (v. 3.23 )  [http://www.alexnolan.net/software/driveman.htm]
+
|SMART for Linux
Drive Manager has been written to help you easily identify drives which are of the same type.  As well as displaying the volume label it also displays vendor information so that multiply CD/DVD drives and removable drives such as USB thumb drives can be differentiated by their manufacturer’s name, version and revision date.  Also the serial number can be seen as a unique ID for each drives. 
+
|Sep 03-06, Austin, TX
 
+
|http://asrdata.com/training/training2.html
'''FAU'''  (v. 1035 )  [http://users.erols.com/gmgarner/forensics/]
+
|-
Incident Response tool that can be used to image a system’s memory as well as any attached devices.
+
|First Responder to Digital Evidence Program (FRDE)
 
+
|Sep 11-13, FLETC, Glynco, GA
'''Forensic Server Project'''  (v. 1.0 ) [http://www.windows-ir.com/fsp.html]
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
The Forensic Server Project (FSP) is a proof of concept tool for retrieving volatile (and some non-volatile) data from potentially compromised systems.  The FSP consists of several Perl scripts and third-party utilities.  The server component of the FSP is run on an investigator or administrator's system, and handles all data storage and activity logging.  The client components (i.e., FRU.pl and supporting Perl scripts and tools) of the FSP are burned to a CD, and run from the CD drive of the potentially compromised system.  Data is copied to the server component via TCP/IP.
+
|Limited to Law Enforcement
 
+
|-
'''FTK Imager'''  (v. 2.5.1 )  [http://www.accessdata.com/support/downloads/
+
|AccessData Applied Decryption
FTK Imager allows you to acquire physical device images and logically view data from FAT, NTFS, EXT 2 and 3 as well as HFS and HFS+ file systems.  Additionally, FTK Imager allows you to truly multi-task by creating multiple images from a single source and / or multiple images simultaneously. FTK Imager generates DD, SMART and Encase® images and reads several other industry standard formats.  With Isobuster technology built in, FTK Imager provides ready access to CDFS and DVD file systems - to include multi and open session CDs.
+
|Sep 11-13, Dallas, TX
 
+
|http://www.accessdata.com/training
'''galleta ''' ( v. 1.0 )  [http://www.foundstone.com/resources/proddesc/galleta.htm]
+
|-
Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program.  Galleta is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms. 
+
|Enterprise Data Forensics
 
+
|Sep 17-19, Austin, TX
'''HoverSnap'''  (v. 0.8 )  [http://www.hoverdesk.net/freeware.htm]
+
|http://asrdata.com/training/training2.html
HoverSnap is a free handy snapshot tool with jpg, png, bmp and gif support.  HoverSnap can take snapshots of the full screen, active window or a selected area.  It can even capture layered windows (alphablended ones under 2K / XP).  You can even FTP upload your screenshots!  You can set up the capture folder / filename and format.  You can reduce the capture size.  Auto-generate filename option will add the time stamp (date/time) to your filename in order to be able to take several captures without having to change the filename.  Optional sound when capture is done.
+
|-
 
+
|Macintosh Forensic Survival Course
'''IECookiesView'''  (v. 1.70 )  [http://www.nirsoft.net/utils/iecookies.html]
+
|Sep 24-28, Santa Ana, CA
IECookiesView is a small and handy utility that displays the details of all cookies that IE stores on your computer.  In addition, it allows you to sort the cookies, delete selected ones, and view detailed information about each one and even save the cookies to a readable text file.  If you are connected to a network, you can watch the cookies of other computers, as long as you have a read permission on the cookies folder and under Windows 2000, you can view the cookies of other users (admin rights).  IECookiesView also allows you to view references to deleted cookies that are still stored in the index.dat file. 
+
|http://www.phoenixdatagroup.com/cart/index.php
 
+
|-
'''IEHistoryView'''  (v. 1.32 )  [http://www.nirsoft.net/utils/iehv.html]
+
|AccessData Applied Decryption
IEHistoryView allows you to view and modify the history of visited websites in Internet Explorer.  In addition, you can also export all or selected items to HTML reports, view detailed properties for selected entries, sort them and more.  The program allows you to access the history of other user accounts or network computers as well, provided that you have the proper access rights. 
+
|Sep 25-27, Chicago, IL
 
+
|http://www.accessdata.com/training
'''IRCR'''  (v. 2.3 )  [http://tools.phantombyte.com/]
+
|-
The Incident Response Collection Report is a script to call a collection of tools that gathers and/or analyzes data on a Microsoft Windows system.  You can think of this as a snapshot of the system in the past. Most of the tools are oriented towards data collection rather than analysis. 
+
|AccessData BootCamp
 
+
|Sep 25-27, Solna, SE
'''Mail PassView'''  (v. 1.36 )  [http://www.nirsoft.net/utils/mailpv.html]
+
|http://www.accessdata.com/training
Mail PassView is a small password-recovery tool that reveals the passwords and other account details for the following email clients:
+
|-
Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape 6.x/7.x, Mozilla Thunderbird, Group Mail Free, Yahoo! Mail - If the password is saved in Yahoo! Messenger application, Hotmail/MSN mail - If the password is saved in MSN Messenger application and Gmail - If the password is saved by Gmail Notifier application.
+
|SMART for Linux
 
+
|Oct 01-04, Austin, TX
'''memdump'''  (v. 2.0 )  [http://www.tssc.de/index.htm]
+
|http://asrdata.com/training/training2.html
The MEMDump utility is designed to dump or copy any part of 4GB linear memory address space under MS-DOS and Windows 9x DOS to a console, text or binary file.
+
|-
 
+
|SMART Windows Data Forensics
'''MessenPass'''  (v. 1.08 )  [http://www.nirsoft.net/utils/mspass.html]
+
|Oct 08-10, Austin, TX
MessenPass allows you to recover your password(s) from a wide variety of popular Instant Messenger programs, including MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger, AOL Instant Messenger/Netscape 7, Trillian, Miranda and GAIM.  Just run the program and it will present you with a list of all accounts found on your PC, including the username and passwords.  The list can be exported to HTML or saved as text file.  MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. You cannot use it for grabbing the passwords of other users. 
+
|http://asrdata.com/training/training2.html
 
+
|-
'''Mozilla Cookie View'''  (v. 1.11 )  [http://www.nirsoft.net/utils/mzcv.html]
+
|SMART for Linux
MozillaCookiesView is an alternative to the standard 'Cookie Manager' provided by Netscape and Mozilla browsers. It displays the details of all cookies stored inside the cookies file (cookies.txt) in one table, and allows you to save the cookies list into text, HTML or XML file, delete unwanted cookies, and backup/restore the cookies file.
+
|Nov 05-08, Austin, TX
 
+
|http://asrdata.com/training/training2.html
'''Network Password Recovery'''  (v. 1.03 )  [http://www.nirsoft.net/utils/network_password_recovery.html]
+
|-
Network Password Recovery can retrieve all network passwords stored on your system for the current logged-on user.  In addition, it can also recover any .NET Passport accounts that are stored locally. 
+
|AccessData BootCamp
 
+
|Nov 06-08, Austin, TX
'''pasco'''  (v. 1.0 )  [http://www.foundstone.com/resources/proddesc/pasco.htm]
+
|http://www.accessdata.com/training
Pasco will parse the information in an index.dat file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program.  Pasco is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.
+
|-
 
+
|AccessData Windows Forensics
'''PC Inspector File Recovery'''  (v. 4.0 )  [http://www.pcinspector.de/] 
+
|Nov 06-08, Solna, Sweden
PC Inspector File Recovery is a data recovery program that supports the FAT 12/16/32 and NTFS file systems.  Finds partitions automatically, even if the boot sector or FAT has been erased or damaged (does not work with the NTFS file system).  Recovers files with the original time and date stamp.  Supports saving of recovered files to network drives. 
+
|http://www.accessdata.com/training
 
+
|-
'''PC On/Off Time'''  (v. 2.0)  [http://www.snapfiles.com/get/pconoff.html]
+
|SMART Linux Data Forensics
This free time tracking tool shows the times your computer has been active during the last 3 weeks, with no previous setup required.  The software doesn't need to run in the background, because Windows OS tracks login and logoff times (working hours) by default, and the program analyses it. 
+
|Nov 12-14, Austin, TX
 
+
|http://asrdata.com/training/training2.html
'''Process Explorer'''  (v. 10.2 )  [http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx]
+
|-
The Process Explorer display consists of two sub-windows.  The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded.  Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. 
+
|SMART for Linux
 
+
|Dec 03-06, Austin, TX
'''Protected Storage PassView'''  (v. 1.63 )  [http://www.nirsoft.net/utils/pspv.html]
+
|http://asrdata.com/training/training2.html
Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer and Outlook Express.  The passwords are revealed by reading the information from the Protected Storage.  These include all email and web site passwords where you chose "remember password" (not cookie passwords) as well as auto-complete passwords.  This utility can only show the passwords of the current logged-on user, it cannot reveal the passwords of other users.
+
|-
 
+
|AccessData Internet Forensics
'''PsTools Suite'''  (v. 2.34 )  [http://www.microsoft.com/technet/sysinternals/utilities/pstools.mspx]
+
|Dec 04-06 , Solna, Sweden
What sets these tools apart is that they all allow you to manage remote systems as well as the local one.  The first tool in the suite was PsList, a tool that lets you view detailed information about processes, and the suite is continually growing.  The "Ps" prefix in PsList relates to the fact that the standard UNIX process listing command-line tool is named "ps", so I've adopted this prefix for all the tools in order to tie them together into a suite of tools named PsTools.  The tools included in the PsTools suite, which are downloadable individually or as a package, are: 
+
|http://www.accessdata.com/training
PsExec - execute processes remotely
+
|-
PsFile - shows files opened remotely
+
|Enterprise Data Forensics
PsGetSid - display the SID of a computer or a user
+
|Dec 10-12, Austin, TX
PsKill - kill processes by name or process ID
+
|http://asrdata.com/training/training2.html
PsInfo - list information about a system
+
|-
PsList - list detailed information about processes
+
|}
PsLoggedOn - see who's logged on locally and via resource sharing
+
PsLogList - dump event log records
+
PsPasswd - changes account passwords
+
PsService - view and control services
+
PsShutdown - shuts down and optionally reboots a computer
+
PsSuspend - suspends processes
+
All of the utilities in the PsTools suite work on Windows NT, Windows 2000 and Windows XP.
+
 
+
'''Pst Password Viewer'''  (v. 1.00 ) [http://www.nirsoft.net/utils/pst_password.html
+
The password encryption in the PST file is very weak, and for each password-protected PST file, there are many passwords that can open it.  PstPassword provides 3 different passwords for each password-protected PST file.  It's possible that one of them will be the original password that you typed, and it's also possible that none of these passwords will be identical to the original one.  However, all 3 passwords provided by PstPassword will open the PST file without problems. 
+
 
+
'''ptfinder'''  (v. 2.0 )  [http://computer.forensikblog.de/en/2006/03/ptfinder_0_2_00.html]
+
PTFinder searches a memory dump of a system running Microsoft Windows for traces of processes and threads.  Some functional checks are also applied.
+
'''
+
PuTTY SSH Client'''  (v. 0.58 )  [http://www.chiark.greenend.org.uk/~sgtatham/putty/]
+
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator.
+
 
+
'''reg'''  (v.  )  [http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/reg.mspx?mfr=true]
+
Adds, changes, and displays registry subkey information and values in registry entries, for the Local User. 
+
 
+
'''RegScanner'''  (v. 1.30 )  [http://www.nirsoft.net/utils/regscanner.html]
+
RegScanner is a small utility that allows you to scan the Registry, find the desired Registry values that match to the specified search criteria, and display them in one list.  After finding the Registry values, you can easily jump to the right value in RegEdit, simply by double-clicking the desired Registry item.  You can also export the found Registry values into a .reg file that can be used in RegEdit. 
+
 
+
'''ReSysInfo'''  (v. 2.1 )  [http://www.dominik-reichl.de/freeware.shtml] 
+
ReSysInfo is a system information viewer for Windows.  The tool has 25 total information modules: BIOS information, CMOS, desktop, DirectX, drives, environment, fonts, keyboard, locale, machine & APM, mainboard, MCI, memory, mouse, multimedia, network, OpenGL, passwords, ports, printers & fax, processes, processor, video system, general information about Windows and a summary.  ReSysInfo has a Report Wizard which can export the information to 3 different formats: plain text, HTML and XML. 
+
 
+
'''rifiuti'''  (v. 1.0 )  [http://www.foundstone.com/resources/proddesc/rifiuti.htm]
+
Rifiuti will parse the information in an INFO2 file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Rifiuti is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms. 
+
 
+
'''Rootkit Revealer'''  (v. 1.7 )  [http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx]
+
Rootkit Revealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.  Rootkit Revealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: Rootkit Revealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).  If you use it to identify the presence of a rootkit please let us know!
+
 
+
'''Secreport'''  (v. 3.27.07 )  [http://members.verizon.net/~vze3vkmg/index.htm]
+
It is a small suite of two command-line tools for collecting security-related information from Windows-based system (SecReport) and comparing any two reports either from any two systems or from same system after some time (Delta).  I use these tools to quickly assess level of securing of Windows system and to compare results to baseline.  The tools are useful both in daily security administration and during incident responce - for fast collection of information.  Tools do not need to be installed on system and can be run directly from hard or CD-R disk or network drive (mapped or UNC).  Format of reports - XML.  Reports can be viewed with IE 6.0 browser. MD5 hash file for report automatically created.
+
 
+
'''WFT'''  (v. 2.0 )  [http://www.foolmoon.net/security/wft/]
+
The Windows Forensic Toolchest (WFT) was written to provide an automated incident response [or even an audit] on a Windows system and collect security-relevant information from the system.  It is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML based reports in a forensically sound manner.  A knowledgeable security person can use it to help look for signs of an incident (when used in conjunction with the appropriate tools).  WFT is designed to produce output that is useful to the user, but is also appropriate for use in court proceedings.  It provides extensive logging of all its actions along with computing the MD5 checksums along the way to ensure that its output is verifiable.  The primary benefit of using WFT to perform incident responses is that it provides a simplified way of scripting such responses using a sound methodology for data collection. 
+
 
+
 
+
'''Winaudit'''  (v. 2.15 )  [http://www.pxserver.com/WinAudit.htm]
+
WinAudit is easy to use; no special knowledge is required to use the program.  It is a self-contained single file that needs no installation or configuration.  It can be run from a floppy disk or USB stick. Simply download the program and double click on it.  User interface translations have been kindly contributed by several people; if possible WinAudit will automatically start in your language.  The program reports on virtually every aspect of computer inventory and configuration.  Results are displayed in web-page format, categorized for ease of viewing and text searching.  Whether your interest is in software compliance, hardware inventory, technical support, security or just plain curiosity, WinAudit has it all.  The program has advanced features such as service tag detection, hard-drive failure diagnosis, network port to process mapping, network connection speed, system availability statistics as well as Windows® update and firewall settings.
+
 
+
+
'''Cygwin Tools'''
+
 
+
== External Links ==
+
 
+
* [http://www.e-fense.com/helix/faq.php Helix FAQ]
+
* [http://www.e-fense.com/helix/downloads.php Helix CD image download]
+

Revision as of 07:40, 8 May 2007

Here is a BY DATE listing of upcoming conferences and training events that pertain to digital forensics. Some of these duplicate the generic conferences, but have specific dates/locations for the upcoming conference/training event.

The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST) Any requests for additions, deletions or corrections to this list should be sent by email to David Baker (bakerd AT mitre.org).

Calls For Papers

Title Due Date Website
Black and White Ball Apr 30, 2007 http://www.theblackandwhiteball.co.uk/cfp.php
BlackHat USA 2007 May 01, 2007 http://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html
International Conference on Incident Management and IT-Forensics May 14, 2007 http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2007/cfp_en.html
First Annual European DeepSec In-Depth Security Conference Jun 10, 2007 http://deepsec.net/cfp/
DFRWS 2007 File Carving Challenge Jul 09, 2007 http://www.dfrws.org/2007/challenge/submission.html

Conferences

Title Date/Location Website
CanSecWest 2007 Apr 16-20, Vancouver, BC, Canada http://cansecwest.com/
Conference on Digital Forensics, Security and Law Apr 18-20, Washington, DC http://www.digitalforensics-conference.org/
IACIS Computer Forensic Training Event 2007 Apr 23-May 04, Orlando, FL http://www.iacis.com/iacisv2/pages/training.php
Computer and Enterprise Investigations Conference (CEIC) May 06-09, Las Vegas, NV http://www.ceic2007.com/
CONFidence 2007 May 13-14, Cracow, Poland http://2007.confidence.org.pl/
22nd IFIP International Information Security Conference May 14-16, Sandton, South Africa http://www.sbs.co.za/ifipsec2007/
Texas Regional Infrastructure Security Conference (TRISC) May 15-17, Austin, TX http://www.trisc.org/
2007 Techno-Security Conference Jun 03-06, Myrtle Beach, SC http://www.techsec.com/html/Techno2007.html
Computer Security Institute NetSec '07 Jun 11-13, Scottsdale, AZ http://www.gocsi.com/netsec/
2007 USENIX Annual Technical Conference Jun 17-22, Santa Clara, CA http://www.usenix.org/events/
Third Government Forum of Incident Response and Security Teams Conference Jun 25-29, Orlando, FL http://www.us-cert.gov/GFIRST/index.html
First International Workshop on Cyber-Fraud Jul 01-06, San Jose, CA http://www.iaria.org/conferences2007/CYBERFRAUD.html
Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2007 Jul 12-13, Lucerne, Switzerland http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/dimva/
16th USENIX Security Symposium Aug 06-10, Boston, MA http://www.usenix.org/events/
GMU 2007 Symposium Aug 06-10, George Mason University, Fairfax, VA http://www.rcfg.org
Digital Forensic Research Workshop 2007 Aug 13-15, Pittsburgh, PA http://www.dfrws.org/2007/index.html
HTCIA 2007 International Training Conference & Exposition Aug 27-29, San Diego, CA http://www.htcia-sd.org/htcia2007.html
Recent Advances in Intrusion Detection (RAID) 2007 Sep 05-07, Gold Coast, Queensland, Australia http://www.isi.qut.edu.au/events/conferences/raid07
14th International Conference on Image Analysis and Processing (ICIAP 2007) Sep 10-14, Modena, Italy http://www.iciap2007.org
3rd International Conference on IT-Incident Management & IT-Forensics Sep 11-12, Stuttgart, Germany http://www.imf-conference.org/
Black and White Ball Sep 25-28, London, UK http://www.theblackandwhiteball.co.uk/
Techno-Forensics Conference Oct 29 - 31, Rockville, MD http://www.techsec.com/html/TechnoForensics2007.html
DeepSec IDSC Nov 22-24, Vienna, Austria http://deepsec.net/

On-going / Continuous Training

Title Date/Location or Venue Website
Basic Computer Examiner Course Computer Forensic Training Online http://www.cftco.com
MaresWare Suite Training First full week every month, Atlanta, GA http://www.maresware.com/maresware/training/maresware.htm
Linux Data Forensics Training Distance Learning Format http://www.crazytrain.com/training.html

Scheduled Training Courses

Title Date/Location Website Limitation
SMART for Linux May 07-10, Austin, TX http://asrdata.com/training/training2.html
AccessData Internet Forensics May 08-10, Albuquerque, NM http://www.accessdata.com/training
EnCase v5 Advanced Computer Forensics May 08-11, Washington DC http://www.guidancesoftware.com/training/schedule.asp
SMART Windows Data Forensics May 14-16, Austin, TX http://asrdata.com/training/training2.html
EnCase v5 Intermediate Analysis and Reporting May 15-18, United Kingdom http://www.guidancesoftware.com/training/schedule.asp
Computer Network Investigations Training Program (CNITP) May 15-25, FLETC, Glynco, GA http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/ Limited to Law Enforcement
AccessData Internet Forensics May 22-24 , Solna, Sweden http://www.accessdata.com/training
EnCase v5 Advanced Computer Forensics May 22-25, United Kingdom http://www.guidancesoftware.com/training/schedule.asp
SARC Steganography Examiner Training May 23 - 24, Orlando, FL (National Center for Forensic Science) http://www.sarc-wv.com/training.aspx
First Responder to Digital Evidence Program (FRDE) May 30-Jun 01, FLETC, Glynco, GA http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/ Limited to Law Enforcement
Computer Forensics First Responder May 31, Indianapolis, IN http://www.ifi-indy.org/ifi%20training/train.html
AccessData BootCamp May 31-Jun 02, Myrtle Beach, SC http://www.accessdata.com/training
AccessData Windows Forensics May 31-Jun 02, Myrtle Beach, SC http://www.accessdata.com/training
SMART for Linux Jun 04-07, Austin, TX http://asrdata.com/training/training2.html
AccessData BootCamp Jun 05-07, Albuquerque, NM http://www.accessdata.com/training
Advanced Data Forensics Topics Jun 11-13, Austin, TX http://asrdata.com/training/training2.html
Digital Evidence Acquisition Specialist Training Program (DEASTP) Jun 11-22, FLETC, Glynco, GA http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/ Limited to Law Enforcement
Helix Live Forensics and Incident Response Course Jun 12-14, SEARCH - Sacramento, CA https://www.e-fense.com/register.php
AccessData Internet Forensics Jun 12-14 , Boise, ID http://www.accessdata.com/training
AccessData Windows Forensics Jun 19-21, Dallas, TX http://www.accessdata.com/training
SMART for Linux Jul 09-12, Austin, TX http://asrdata.com/training/training2.html
Cyber Counterterrorism Investigations Training Program (CCITP) Jul 09-13, FLETC, Glynco, GA http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/ Limited to Law Enforcement
SMART Windows Data Forensics Jul 16-18, Austin, TX http://asrdata.com/training/training2.html
Seized Computer Evidence Recovery Specialist (SCERS) Jul 16-27, FLETC, Glynco, GA http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/ Limited to Law Enforcement
AccessData BootCamp Jul 17-19, Boise, ID http://www.accessdata.com/training
AccessData Windows Forensics Jul 24-26, Albuquerque, NM http://www.accessdata.com/training
First Responder to Digital Evidence Program (FRDE) Jul 31-Aug 02, FLETC, Glynco, GA http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/ Limited to Law Enforcement
SMART for Linux Aug 06-09, Austin, TX http://asrdata.com/training/training2.html
Computer Network Investigations Training Program (CNITP) Aug 14-24, FLETC, Glynco, GA http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/ Limited to Law Enforcement
SMART Linux Data Forensics Aug 13-15, Austin, TX http://asrdata.com/training/training2.html
Macintosh Forensic Survival Course Aug 13-17, Fredricksburg, VA http://www.phoenixdatagroup.com/cart/index.php
AccessData Internet Forensics Aug 14-16 , Austin, TX http://www.accessdata.com/training
Helix Live Forensics and Incident Response Course Aug 28-30, Tennessee Bureau of Investigations - Nashville, TN https://www.e-fense.com/register.php
SMART for Linux Sep 03-06, Austin, TX http://asrdata.com/training/training2.html
First Responder to Digital Evidence Program (FRDE) Sep 11-13, FLETC, Glynco, GA http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/ Limited to Law Enforcement
AccessData Applied Decryption Sep 11-13, Dallas, TX http://www.accessdata.com/training
Enterprise Data Forensics Sep 17-19, Austin, TX http://asrdata.com/training/training2.html
Macintosh Forensic Survival Course Sep 24-28, Santa Ana, CA http://www.phoenixdatagroup.com/cart/index.php
AccessData Applied Decryption Sep 25-27, Chicago, IL http://www.accessdata.com/training
AccessData BootCamp Sep 25-27, Solna, SE http://www.accessdata.com/training
SMART for Linux Oct 01-04, Austin, TX http://asrdata.com/training/training2.html
SMART Windows Data Forensics Oct 08-10, Austin, TX http://asrdata.com/training/training2.html
SMART for Linux Nov 05-08, Austin, TX http://asrdata.com/training/training2.html
AccessData BootCamp Nov 06-08, Austin, TX http://www.accessdata.com/training
AccessData Windows Forensics Nov 06-08, Solna, Sweden http://www.accessdata.com/training
SMART Linux Data Forensics Nov 12-14, Austin, TX http://asrdata.com/training/training2.html
SMART for Linux Dec 03-06, Austin, TX http://asrdata.com/training/training2.html
AccessData Internet Forensics Dec 04-06 , Solna, Sweden http://www.accessdata.com/training
Enterprise Data Forensics Dec 10-12, Austin, TX http://asrdata.com/training/training2.html