Mark Hallman (SANS Institute)

Abstract

This hands-on, half-day workshop will cover collecting, filtering, and outputting data with Plaso. We will start with a brief introduction to the components of Plaso to get the class on the same page and then move on to the details of the tool set. Front-end extraction methods such as file filters and parsers will be explored. On the back end we will discuss the options for date range processing using options like slice and slicer, as well as analysis plug-ins. The workshop will wrap up with reviewing and analyzing the timeline.

Whether you are just starting out with Plaso or a seasoned veteran, this workshop will have something for you. This is a very hands-on workshop. We will supply the VMs and evidence.

Attendees must bring a laptop with VMware Workstation or Fusion installed. The 30-day demo versions are fine.