On Wed, Apr 18, 2001 at 10:25:55AM +0500, Doug Elznic wrote: > Is anyone here going to be attending eithher of the forensics lectures > at usenix? And if so which ones? It looks like the one on wednesday is > more hands on than the one on tuesday... Yes, I'll be at both :-) Hands-on isn't the correct word to use - neither of the tutorials has any hands-on aspect to it - far too much to cover, too little time, too many people (I presume), no facilities for it, etc. The first day is best considered an introduction to the terminology, principles, procedures, tools, concepts and etc; the second day builds on this (with what I hope will be a brief overview for those who only attend the second day) and goes into more detail about what you can specifically recover from various systems for various reasons and what you can do with it and how you can relate the pieces to each other. Examples from various investigations that I've participated in are thrown in liberally. I believe that at least some of the forensics tutorials at sansfire are hands on, and the outlines looked quite good. Not that I wouldn't want to see people at my tutorial at Usenix, but if you're looking for hands-on... --- Steve
This archive was generated by hypermail 2b30 : Sat Apr 28 2001 - 11:05:55 PDT