Date and Time:
Tuesday, March 21, 16:10 – 18:00

Workshop organiser:
John Sheppard, Ireland, SETU
Dr. Radek Hranický, Czechia, Brno University of Technology
Jan Polišenský, Czechia, Brno University of Technology
Pavel Laskov, Liechtenstein, University of Liechtenstein
Simon Malik, Germany, Albstadt Sigmaringen University
Jimmy McGibney, Ireland, South East Technological University of Ireland
Ondrej Rysavy, Czechia, Brno University of Technology
Rodion Vladimirov, Liechtenstein, University of Liechtenstein

This workshop will be based around a Digital Forensics and Incident Response investigation for a simulated compromised company network and its systems. Attendees will use a supplied VM to connect to a simulated AWS environment. The AWS environment will consist of a number of servers and desktop machines in a cyber physical company network. A scenario will be provided around a case of intellectual property theft and attendees will be guided through the process of prioritising and collecting evidence relevant to the investigation. Having collected the evidence attendees will then use open source tools provided on the VM in order to analyse what has occurred in the company. The environment for this workshop is being developed under and an Erasmus+ Project. The simulated lab and the training materials will be provided to the community to reuse for the purposes of up skilling practitioners or for use with academic environments. The workshop will be provided in a CTF type format.

The workshop participants will get access to an AWS EC2 instance where all necessary software/tools are pre-installed. They will only need a RDP client. All work will be done on this system and necessary files/system information/… will be extracted live during the workshop by them. The IPs to connect to will be provided when we start with the workshop as of now they’re not online/running yet.