35th Annual Computer Security Applications Conference (ACSAC 2019)

Full Program »

TF: TracerFIRE - Forensic and Incident Response Exercise

Monday, 9 December 2019
08:30 - 12:00

Boardroom II


TracerFIRE (Forensic and Incident Response Exercise) for the U.S. Department of Energy (DOE) is a program developed by Sandia and Los Alamos National Laboratories to educate and train cyber security incident responders (CSIRs) and analysts in critical skill areas. The program also aims to improve collaboration and teamwork among staff members. Under this program, several hundred CSIRs from the DOE, other U.S. government agencies, and critical infrastructure organizations have been trained.

TracerFIRE 9, the latest iteration of the TracerFIRE scenario, is set in a Albuquerque NM, where the electric skateboard startup WheelByte has suffered numerous cyber-attacks. Participants are hired by WheelByte to investigate a series of artifacts and forensic evidence, including malware based off of TinyNuke and the adversarial group OilRig. At the end, teams present their findings in the form of debriefs to a CISO panel.

This is the eighth year TracerFIRE has been offered at ACSAC. Discussion topics in the workshop include incident response, forensic investigation, and live analysis on file system, memory, and malware. Attendees will be introduced to a number of forensic tools and techniques that can later be used to solve forensic challenges on the second half of the workshop each day. Attendees will be able to:


  1. Day 1:
      • Introduction and demo of the tools (2-4 hours)
      • Begin the competition (remainder of the day)
  2. Day 2:
      • Continue the competition
      • Final Debrief and awards (last hour)


Attendees will require a basic understanding of computer systems, networks and general cyber security concepts.

Student Equipment requirements:

Laptop with a remote desktop client installed.

About the Instructors

Kevin Nauer is a member of the technical staff at Sandia and has over 20 years of experience in researching malware and conducting digital forensic analysis. Recently, he has been leading a team of security practitioners to develop engaging scenarios that are used in various capture the flag type of exercises for universities and government agencies. Kevin holds a B.S. and M.S. in Computer Science and has previously served as a Captain in the US Army Intelligence and Security Command where he helped to lead a new organization to conduct digital media exploitation.

Nicholas Kantor is a security researcher at Sandia National Laboratories and a recent graduate from Carnegie Mellon University under their Master’s of Science in Information Security program. At Sandia Nick works on developing security scenarios such as TracerFIRE and research into new and exciting areas of cyber security.


Powered by OpenConf®
Copyright©2002-2020 Zakon Group LLC