From c72ee14a7aff887e3427e5880607a92dbd5ffc7e Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Thu, 31 Jan 2013 14:23:03 -0700 Subject: [PATCH] class info emails --- doc/2013-02-TF5/c-hst.txt | 75 +++++++++++++++++ doc/2013-02-TF5/c-icc.txt | 84 +++++++++++++++++++ doc/2013-02-TF5/c-mal.txt | 29 +++++++ .../{netre-email.txt => c-net.txt} | 0 4 files changed, 188 insertions(+) create mode 100644 doc/2013-02-TF5/c-hst.txt create mode 100644 doc/2013-02-TF5/c-icc.txt create mode 100644 doc/2013-02-TF5/c-mal.txt rename doc/2013-02-TF5/{netre-email.txt => c-net.txt} (100%) diff --git a/doc/2013-02-TF5/c-hst.txt b/doc/2013-02-TF5/c-hst.txt new file mode 100644 index 0000000..0909a7b --- /dev/null +++ b/doc/2013-02-TF5/c-hst.txt @@ -0,0 +1,75 @@ +Hi all, + +You've been identified as registering for the Host Forensic online track of= + Tracer FIRE 5. We will be conducting a one-day online class and we have s= +plit the group of participants in two. If you're receiving this email, you= + are registered for the Monday session. Wait, you ask what shall I do on T= +uesday? Well, we have an opportunity for you to attend the Incident Coordi= +nator online class. If you are interested in the Incident Coordinator cour= +se, you can email Ben Anderson (brander@sandia.gov) or either myself or Dawn Abbott (emails listed below). + +We've tried to keep attendees from the same site together on the same day. = + If that didn't occur or for some other reason, and you really need to req= +uest a change to attend the Tuesday online course please send an email to m= +yself (ksnauer@sandia.gov) or to Dawn Abbott (dc= +abbot@sandia.gov). + +Also, you will need to have a certain configuration for your computer that = +you'll be using to view and participate in the online course listed below. + +Here are the requirements for virtual students of the Host Forensic track (= +most software is available for free or you can use a trial version): + + +1) You will need a computer running Windows 7 (or a virtual machine ru= +nning Windows 7) with the Lync Attendee client (http://www.microsoft.com/en= +-us/download/details.aspx?id=3D15755). The urls are provided below for all= + of the software mentioned: + +a. Sleuthkit 3.x or 4.0 ( http://www.sleuthkit.org/sleuthkit/download= +.php ) + +b. Volatility 2.1 ( https://www.volatilesystems.com/default/volatility= + ) + +c. Python 2.7.x ( http://www.python.org/download/releases/2.7.3/ ) + +d. PDF Dissector by Zynamics (optional) + +e. Pdfubar ( http://code.google.com/p/pdfubar/ ) + +f. Jdgui ( http://java.decompiler.free.fr/ ) + +g. Java jvm ( http://www.java.com/en/download/index.jsp ) + +h. Ida Pro free version (or commercial if you already have a license) = +http://out7.hex-rays.com/files/idafree50.exe + +i. Wireshark ( http://www.wireshark.org/download.html ) + +j. a hex editor of your choice (example: http://www.hexworkshop.com= +/) + +k. Vmware workstation with Windows installed (for testing malcode) + + + +2) A set of headphones (microphone not necessary) so you can listen in= +to your online class if you're sitting in RECOIL facility (Albuquerque hub = +attendees). If you are participating from the Albuquerque hub, you should = +have received a separate email from Dawn Abbott with directions and a map o= +f our location. + +The url for attending the online class will be: https://meeting.sandia.gov= +/ksnauer/W2NQ7RB5 + +Please join the meeting as a guest if you are not a Sandia staff member and= + use the email address you registered with or just your name and organizat= +ion. + +See you on Monday. + +Thanks, +Kevin Nauer +Sandia National Labs diff --git a/doc/2013-02-TF5/c-icc.txt b/doc/2013-02-TF5/c-icc.txt new file mode 100644 index 0000000..8c8b8a9 --- /dev/null +++ b/doc/2013-02-TF5/c-icc.txt @@ -0,0 +1,84 @@ +Hi all, + +You've been identified as registering for the Incident Coordinator online t= +rack of Tracer FIRE 5 (Online). This is a one-day online class that will b= +e given on Monday and Tuesday. i.e. - The content from Monday will be repe= +ated on Tuesday. Please see the list at the bottom of this email for which= + day you are scheduled for. While I would ask you try and stay with the se= +lected day, the phone bridge will support everyone who requested to attend = +so, if you need to change days, we should be able to accommodate you. Just= + send me an email. (brander@sandia.gov) + +You will need to have a certain configuration for your computer and softwar= +e that you'll be using to view and participate in the online course. These= + are listed below: + +1) You will need a computer running Windows 7 (or a virtual machine ru= +nning Windows 7) with the Lync Attendee client (http://www.microsoft.com/en= +-us/download/details.aspx?id=3D15755). +a. PlotWeaver: Download at: http://ogievetsky.com/PlotWeaver/ + +2) A set of headphones (microphone not necessary) so you can listen in= +to your online class if you're sitting in RECOIL facility (Albuquerque hub = +attendees). If you are participating from the Albuquerque hub, you should = +have received a separate email from Dawn Abbott with directions and a map o= +f our location. + + +The url for attending the online class will be: https://meeting.sandia.gov/= +brander/N5SFHZMN + +Please join the meeting as a guest if you are not a Sandia staff member and= + use the email address you registered with (or just your name and organiza= +tion). + +In conjunction with Lync, we will be using a phone bridge. Lync audio can = +be problematic, so we will have the phone as a backup. + +The phone bridge information: + +Phone #: 505-844-1208 +Or Toll Free within U.S. #: 1-877-720-1159 +Participant code: 186974 + + +Let me know if you have any questions. See you next week. + +Ben Anderson +Sandia National Laboratories +brander@sandia.gov + + +CLASS LIST + +Monday Tuesda= +y +Anna Larez Brian B= +randaw +Diane Den Adel Kevin Bivens +Drew Christensen Greg Cisko +Geoffrey Jones Drew Sandqui= +st +Jennifer O'Sullivan Grant Jansen +Jeremy Teuton Jeff Horne +John Senn Julio M= +asia +Lyron Cobbins Mike Sleepe= +r +Jody Malik mjames +Maria Kaneshiro Richard Grand= +y +Mike Cantrell Senteria = +Jones +Patrick O'Connell Steven Smiley +Samuel Clements Timothy Larkin +Seth Thompson Whinston Antio= +n +Tom Hankins Mark Gomez +Frank Sornson Chris Collo= +rd +Craig Bowser +Sean Nixon +Forrest Reed +Nadine Miller +Dave Davis diff --git a/doc/2013-02-TF5/c-mal.txt b/doc/2013-02-TF5/c-mal.txt new file mode 100644 index 0000000..427266f --- /dev/null +++ b/doc/2013-02-TF5/c-mal.txt @@ -0,0 +1,29 @@ +You are registered for the Tracer Fire Malware Reverse Engineering c= +lass starting February 4th at 8:00AM Mountain time.  I will be conduct= +ing the class through the GotoWebinar (http://www.gotomeeting.com/fec/webinar) + software. Please check requirements for this tool before you attempt to co= +nnect on Monday morning. On Monday morning I will send out the connection d= +etails for the conference bridge and the link for the webinar connection. + +Below are the requirements for participation in the class and labs:
+ +Laptop running VMware Workstation at least version 9. (VMware Fusion on the= + Mac is fine)
+ +Fully configured VMware Workstation Windows 7 virtual machine (An XP image = +will work as well). You must have administrative privileges and be able to = +completely disable AV or remove it on all machines.
+ +If you bring a system with VirtualBox, VMware ESX Server, or anything that = +is not VMware Workstation be aware that some (possibly all) of the labs mig= +ht have problems.
+ +You will need an irc client and the ability to connect to an IRC server on = +the internet. Pidgin is a nice client and tends to work with proxies quite = +well. The IRC server we will be using is irc.oftc.net.  + + +Thanks
+ +Russ
diff --git a/doc/2013-02-TF5/netre-email.txt b/doc/2013-02-TF5/c-net.txt similarity index 100% rename from doc/2013-02-TF5/netre-email.txt rename to doc/2013-02-TF5/c-net.txt