class info emails

doc/2013-02-TF5/c-hst.txt

@@ -0,0 +1,75 @@
+Hi all,
+
+You've been identified as registering for the Host Forensic online track of=
+ Tracer FIRE 5.  We will be conducting a one-day online class and we have s=
+plit the group of participants in two.  If you're receiving this email, you=
+ are registered for the Monday session.  Wait, you ask what shall I do on T=
+uesday?  Well, we have an opportunity for you to attend the Incident Coordi=
+nator online class.  If you are interested in the Incident Coordinator cour=
+se, you can email Ben Anderson (brander@sandia.gov<mailto:brander@sandia.go=
+v>) or either myself or Dawn Abbott (emails listed below).
+
+We've tried to keep attendees from the same site together on the same day. =
+ If that didn't occur or for some other reason,  and you really need to req=
+uest a change to attend the Tuesday online course please send an email to m=
+yself (ksnauer@sandia.gov<mailto:ksnauer@sandia.gov>) or to Dawn Abbott (dc=
+abbot@sandia.gov<mailto:dcabbot@sandia.gov>).
+
+Also, you will need to have a certain configuration for your computer that =
+you'll be using to view and participate in the online course listed below.
+
+Here are the requirements for virtual students of the Host Forensic track (=
+most software is available for free or you can use a trial version):
+
+
+1)      You will need a computer running Windows 7 (or a virtual machine ru=
+nning Windows 7) with the Lync Attendee client (http://www.microsoft.com/en=
+-us/download/details.aspx?id=3D15755).  The urls are provided below for all=
+ of the software mentioned:
+
+a.       Sleuthkit 3.x or 4.0 ( http://www.sleuthkit.org/sleuthkit/download=
+.php )
+
+b.      Volatility 2.1 ( https://www.volatilesystems.com/default/volatility=
+ )
+
+c.       Python 2.7.x ( http://www.python.org/download/releases/2.7.3/ )
+
+d.      PDF Dissector by Zynamics (optional)
+
+e.      Pdfubar ( http://code.google.com/p/pdfubar/ )
+
+f.        Jdgui ( http://java.decompiler.free.fr/ )
+
+g.       Java jvm ( http://www.java.com/en/download/index.jsp )
+
+h.      Ida Pro free version (or commercial if you already have a license) =
+http://out7.hex-rays.com/files/idafree50.exe
+
+i.         Wireshark ( http://www.wireshark.org/download.html )
+
+j.        a hex editor of your choice (example:  http://www.hexworkshop.com=
+/)
+
+k.       Vmware workstation with Windows installed (for testing malcode)
+
+
+
+2)      A set of headphones (microphone not necessary) so you can listen in=
+to your online class if you're sitting in RECOIL facility (Albuquerque hub =
+attendees).  If you are participating from the Albuquerque hub, you should =
+have received a separate email from Dawn Abbott with directions and a map o=
+f our location.
+
+The url for attending the online class will be:  https://meeting.sandia.gov=
+/ksnauer/W2NQ7RB5
+
+Please join the meeting as a guest if you are not a Sandia staff member and=
+ use the email address you registered with or  just your name and organizat=
+ion.
+
+See you on Monday.
+
+Thanks,
+Kevin Nauer
+Sandia National Labs

doc/2013-02-TF5/c-icc.txt

@@ -0,0 +1,84 @@
+Hi all,
+
+You've been identified as registering for the Incident Coordinator online t=
+rack of Tracer FIRE 5 (Online).  This is a one-day online class that will b=
+e given on Monday and Tuesday.  i.e. - The content from Monday will be repe=
+ated on Tuesday.  Please see the list at the bottom of this email for which=
+ day you are scheduled for.  While I would ask you try and stay with the se=
+lected day, the phone bridge will support everyone who requested to attend =
+so, if you need to change days, we should be able to accommodate you.  Just=
+ send me an email.  (brander@sandia.gov<mailto:brander@sandia.gov>)
+
+You will need to have a certain configuration for your computer and softwar=
+e that you'll be using to view and participate in the online course.  These=
+ are listed below:
+
+1)      You will need a computer running Windows 7 (or a virtual machine ru=
+nning Windows 7) with the Lync Attendee client (http://www.microsoft.com/en=
+-us/download/details.aspx?id=3D15755).
+a.       PlotWeaver: Download at: http://ogievetsky.com/PlotWeaver/
+
+2)      A set of headphones (microphone not necessary) so you can listen in=
+to your online class if you're sitting in RECOIL facility (Albuquerque hub =
+attendees).  If you are participating from the Albuquerque hub, you should =
+have received a separate email from Dawn Abbott with directions and a map o=
+f our location.
+
+
+The url for attending the online class will be: https://meeting.sandia.gov/=
+brander/N5SFHZMN
+
+Please join the meeting as a guest if you are not a Sandia staff member and=
+ use the email address you registered with (or  just your name and organiza=
+tion).
+
+In conjunction with Lync, we will be using a phone bridge.  Lync audio can =
+be problematic, so we will have the phone as a backup.
+
+The phone bridge information:
+
+Phone #:   505-844-1208
+Or Toll Free within U.S. #:  1-877-720-1159
+Participant code:  186974
+
+
+Let me know if you have any questions.  See you next week.
+
+Ben Anderson
+Sandia National Laboratories
+brander@sandia.gov
+
+
+CLASS LIST
+
+Monday                                                               Tuesda=
+y
+Anna Larez                                                          Brian B=
+randaw
+Diane Den Adel                                                 Kevin Bivens
+Drew Christensen                                            Greg Cisko
+Geoffrey Jones                                                 Drew Sandqui=
+st
+Jennifer O'Sullivan                                          Grant Jansen
+Jeremy Teuton                                                 Jeff Horne
+John Senn                                                           Julio M=
+asia
+Lyron Cobbins                                                   Mike Sleepe=
+r
+Jody Malik                                                           mjames
+Maria Kaneshiro                                               Richard Grand=
+y
+Mike Cantrell                                                     Senteria =
+Jones
+Patrick O'Connell                                             Steven Smiley
+Samuel Clements                                             Timothy Larkin
+Seth Thompson                                                Whinston Antio=
+n
+Tom Hankins                                                      Mark Gomez
+Frank Sornson                                                   Chris Collo=
+rd
+Craig Bowser
+Sean Nixon
+Forrest Reed
+Nadine Miller
+Dave Davis

doc/2013-02-TF5/c-mal.txt

@@ -0,0 +1,29 @@
+You are registered for the Tracer Fire Malware Reverse Engineering c=
+lass starting February 4th at 8:00AM Mountain time.  I will be conduct=
+ing the class through the GotoWebinar (<a href=3D"http://www.gotomeeting.co=
+m/fec/webinar">http://www.gotomeeting.com/fec/webinar</a>)
+ software. Please check requirements for this tool before you attempt to co=
+nnect on Monday morning. On Monday morning I will send out the connection d=
+etails for the conference bridge and the link for the webinar connection.
+
+Below are the requirements for participation in the class and labs:<br>
+
+Laptop running VMware Workstation at least version 9. (VMware Fusion on the=
+ Mac is fine)<br>
+
+Fully configured VMware Workstation Windows 7 virtual machine (An XP image =
+will work as well). You must have administrative privileges and be able to =
+completely disable AV or remove it on all machines.<br>
+
+If you bring a system with VirtualBox, VMware ESX Server, or anything that =
+is not VMware Workstation be aware that some (possibly all) of the labs mig=
+ht have problems.<br>
+
+You will need an irc client and the ability to connect to an IRC server on =
+the internet. Pidgin is a nice client and tends to work with proxies quite =
+well. The IRC server we will be using is irc.oftc.net.&nbsp;
+
+
+Thanks<br>
+
+Russ<br>