Workshop - Introduction to Digital Forensics

September 9, 2023
B-Sides Melbourne



About this event

Participant Level: Intermediate
Duration: Full Day (9am - 4pm)

So you have heard about digital forensics and are intrigued. You've watched NCIS and wondered what it would be like to be Abby, pulling apart hard drives and bringing the winning hand against crime. So you delight at the announcement of a DFIR CTF and clear your diary for the weekend. With excitement and anticipation driving you, you download the evidence and open the challenges, and then everything comes unstuck as you simply do not know where to begin. There are so many tools and they all look so complicated. You close your laptop and head to the couch for a beer instead.

Well, we are here to save your liver and help you kick-start that DFIR career.

Digital forensics is the application of scientific investigatory techniques to digital crimes and attacks. The fundamentals of digital forensics are often not known, or are overlooked during an incident, and important evidence can easily be overwritten and lost. Shanna is a long-term digital forensics practitioner with years of experience and stories to share on what to do, and what not to do.

During this workshop you will be introduced to the fundamentals of digital forensics, including artefact collection, preservation and analysis. Participants will learn how to start a digital investigation, with open source or freely available tools used to demonstrate the theory, and challenges will be provided for participants to practice along.

We'll utilise freely available CTF questions and evidence to make it accessible for all, and provide a jump start on how to get involved in DFIR challenges and events. Mostly we want to provide a way to get started with DFIR and get you hooked too.

Training Outline:

  • Module 1 - Introductions to the teachers, the outline of the day, and what participants will learn and how.
  • Module 2 - The what and why of digital forensics. What is digital forensics, the history, the process, the different types of digital forensics, all about what evidence is and chain of custody.
  • Module 3 - The how: Mounting an image, what is the NTFS file system, collecting and parsing artefacts related to the file system, registry, event logs and browser history.
  • Practical component - along the way in each module, we will demonstrate how to gather the evidence, parse it and answer the relevant CTF questions, showing the participants how to complete each question.

Key Takeaways:
At the end of this training, attendees will have:

  • an understanding of the digital forensics process,
  • what tools are available to use and for what, and
  • how to get started with DFIR CTFs.

What you need:

  • Laptop and virtualisation software; instructions for installation will be provided before the training day.
  • However, if participants want to play along then they will need to download and install some free to use and open source DFIR tools that we'll provide information for before the day.