Greg Castle

Abstract

This workshop is another instance of the GRR workshops at last year's DFRWS conferences. It will be a short introduction for people new to GRR, followed by pure hands-on work. 

Participants will get access to a fully set up GRR environment, including Windows and Linux machines to investigate, and will learn how to use GRR to solve various forensics tasks. Those tasks range from pretty easy ones, like reading files or registry keys, to advanced forensics techniques, like grabbing artifacts directly from live memory across the whole testbed at the same time.

Knowledge of GRR is not a prerequisite for this workshop, but if you'd like to attend, we'd kindly ask you to bring a laptop capable of web browsing. If this is not feasible for some reason, there is of course also the option to collaborate with other participants.