We’ll get started at 19:05
physical evidence handling
comp6445 week01
Good faith policy
We expect a high standard of professionalism from you at all times while you are taking any of our courses. We expect all students to act in good faith at all times.
TLDR: Don’t be a jerk
sec.edu.au/good-faith-policy
places for course discussion
where to access resources
> whoareu
- Your name, degree, year?
- Why’d you do the course?
- What time did you sleep last night?
- What courses are you doing this term?
- Your credit card number and the 3 wacky digits on the back
Questions
- Are tuts compulsory? No
- Are they recorded? Yes
- Where are these resources? waugh.zip/6445/
Course content
- Investigations (12%)
- 2 x Reports (18% + 20%)
- Reflections (10%)
- Final (40%)
Investigations
don’t leave them to the last minute, you’ll be sad :(
cool to collaborate/work together, but your flags need to be different.
Report
- incident response report
- keep track of everything you find/do
- make sure your process is forensically sound (or at least say it is)
- All of the tooling works on Linux; can’t confirm it works on other OSs as easily, though
- Intensive tools (e.g. Autopsy digests, Wireshark) don’t run as well in a VM; I’d suggest running them on your host
Groups
- I’d suggest grouping up with some people
- Make a Discord/Messenger/Vent (I’m old) group
Forensic process
- ABD: Always Be Documenting
- Chain of Custody