Monday, 4 December 2017
08:30 - 12:00
13:30 - 17:00
Two-Day Training Course
Instructors: Kevin Nauer, SeanMichael Galvin, and Kim Ta, Sandia National Laboratories
Tracer FIRE is a forensic incident response exercise offered in a hands-on training format that is live, immersive, and interactive. It is structured as a competitive game allowing students to compete in teams against each other. It was developed at Sandia National Labs to help attract talented students from high schools and universities across the country and introduce them to opportunities in the cyber security field. Tracer FIRE is also used as a training platform for students, giving them new skills in digital forensics, malware reverse engineering, and network analysis.
The Tracer FIRE exercise is built on the concept of situational awareness and is broken down into three stages. The first is the perception stage: an incident responder detects that something has happened. The second is comprehension: incident responders look into what actually happened and determine the nature of the adversary and the type of attack. The final stage is prediction: analysts determine what the adversary was targeting and attempt to predict whether the victim will be targeted again.
This is the seventh year Tracer FIRE has been offered at ACSAC. Discussion topics in the workshop include incident response, forensic investigation, and live analysis of file systems, memory, and malware. Attendees will be introduced to a number of forensic tools and techniques that they can then apply to the forensic challenges in the second half of the workshop each day. Attendees will be able to:
- Familiarize themselves with the Cyber Kill Chain
- Acquire memory and disk images from a live Windows enterprise environment
- Perform forensic analysis on infected disk and memory images
- Use Wireshark to analyze the network traffic malware generates when communicating with its command and control (C2) infrastructure
- Learn about the pass-the-hash technique used to compromise enterprise networks
The event is open to everyone, but Sandia especially encourages students and faculty members from the minority-serving institutions sponsored by the Department of Energy CECOR (Consortium Enabling Cybersecurity Opportunities and Research) Program to attend.