Adam Meily (Assured Information Security)
Sean LaPlante (Assured Information Security)
Richard Gloo (Assured Information Security)

Abstract

Digital forensic evidence on a computer network often remains uncollected or ignored, because circumstances make it challenging for an outside investigator to be introduced to a network of any size, mine the appropriate data, and process a high-dimensional data set into a clear and concise reconstruction of events.

WARDEN (wardenforensics.com) is a forensic data collection and analysis platform that gives law enforcement and incident responders the ability to establish a presence on an enterprise computer network, extract evidentiary data from endpoints, and reconstruct events. Today's network forensics technologies typically focus on the capture and analysis of network communication data; however, many artifacts relevant to digital investigations exist on the network devices and workstations themselves. WARDEN is a scalable, agent-less solution that extracts these artifacts and provides a means to better navigate heterogeneous endpoints.

Attendees will learn about WARDEN's capabilities and have the opportunity to use its intuitive, hands-on training environment, which allows the learner to work through a simulated forensic investigation or incident response effort using both the graphical and the command line interfaces. The goal is to give the attendee a more thorough understanding of agent-less, enterprise-level forensics and incident response and the challenges associated with them.

The intuitive nature of the WARDEN training environment allows for a wide range of audiences, from novice to expert.


Attendees who wish to use the training environment will need access to a computer running Windows 7 or later, sufficient privileges to install the training environment, and approximately 40 GB of free disk space (if this is not feasible, we may be able to offer the activity as a web-based exercise). Commodity hardware is sufficient.